10 lines
No EOL
624 B
Text
10 lines
No EOL
624 B
Text
source: http://www.securityfocus.com/bid/6001/info
|
|
|
|
A vulnerability has been discovered in the Caching Proxy component bundled with the IBM Websphere Edge Server.
|
|
|
|
Due to insufficient sanitization of user-supplied input it is possible for an attacker to construct a malicious link which contains arbitrary HTML and script code, which will be executed in the header of the website visited by the victim.
|
|
|
|
Attacks of this nature may make it possible for attackers to steal cookie-based authentication credentials.
|
|
|
|
GET /%0a%0dLocation:%20http://www.evil.com/"><img%20src="javascript:alert
|
|
(document.domain)">HTTP/1.0 |