Lucene search
Hanno BoeckEDB-ID:30751HistoryNov 12, 2007 - 12:00 a.m.
Miro Broadcast Machine 0.9.9 - 'login.php' Cross-Site Scripting
2007-11-1200:00:00
Hanno Boeck
www.exploit-db.com
14
source: https://www.securityfocus.com/bid/26407/info
Miro Broadcast Machine is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue affects Broadcast Machine 0.9.9.9; other versions may also be affected.
<form action="http://www.example.com/login.php" method="post"><input type="text" name="username" value='"<script>alert(1)</script>'><input type="submit"></form> Related
packetstorm
packetstorm
CVE-2007-3694-bm.txt
2007-11-13 00:00:00
cve
cve
CVE-2007-3694
2007-11-14 23:46:00
securityvulns
securityvulns
prion
prion
Cross site scripting
2007-11-14 23:46:00
cvelist
cvelist
CVE-2007-3694
2007-11-14 23:00:00
nvd
nvd
CVE-2007-3694
2007-11-14 23:46:00