SecurityHome.eu Security vulnerability: usd250-xss.txt

Home / vulnerabilities PDF

usd250-xss.txt
Posted on 26 October 2007
Source : packetstormsecurity.org Link

http://www.oneorzero.com/

Within the helpdesk utility usd250, an XSS in the comments field is possible.
The comments strip script tags and replace them with (not allowed), but
script tags dont need to be in place for XSS. Something along the lines of...
<b onmouseover="window.alert('omghax')">some text</b> Suffices.

The fix is to use htmlentities() or htmlspecialchars() to filter ALL html
from user input.

TOP

Malware :

Dridex
Shamoon 2
Hitler-Ransomware
Trojan.Win32.Vicepass.A
ButterflyBot.A

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20