7 lines
No EOL
424 B
Text
7 lines
No EOL
424 B
Text
source: http://www.securityfocus.com/bid/7545/info
|
|
|
|
An HTML injection issue has been reported which may lead to unauthorized code execution.
|
|
|
|
It has been reported that it is possible to inject HTML or script code into the subject and other fields of a message in Phorum. This may be done by including code in message fields before sending a message to the target victim.
|
|
|
|
<<b>script>alert(document.cookie);<<b>/script> |