9 lines
No EOL
713 B
Text
9 lines
No EOL
713 B
Text
source: http://www.securityfocus.com/bid/9999/info
|
|
|
|
It has been reported that WebCT Campus Edition may be prone to an HTML injection vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in the browser of an unsuspecting user. A malicious user could supply malicious HTML or script code to the application via the @import url() function of Microsoft Internet Explorer when posting a message on a forum, which would then be rendered in the browser of an unsuspecting user whenever the malicious message is viewed.
|
|
|
|
WebCT Campus Edition version 4.1 is reported to be affected by this issue.
|
|
|
|
<style type="text/css">
|
|
@import url(javascript:alert(document.cookie));
|
|
</style> |