8 lines
No EOL
635 B
Text
8 lines
No EOL
635 B
Text
source: http://www.securityfocus.com/bid/12082/info
|
|
|
|
PhpGroupWare is reported to be susceptible to a HTML injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input.
|
|
|
|
The attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user.
|
|
|
|
http://[target]/[phpgroupware_directory]/index.php?menuaction=calendar.uicalendar.planner
|
|
POST DATA: date="><script>alert(document.cookie)</script> |