Datemill - search.php?st Cross-Site Scripting

2009-09-10T00:00:00
ID EXPLOITPACK:0F9168F223C0C05893A23B465B4AF6B5
Type exploitpack
Reporter Moudi
Modified 2009-09-10T00:00:00

Description

Datemill - search.php?st Cross-Site Scripting

                                        
                                            source: https://www.securityfocus.com/bid/42896/info
  
Datemill is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
  
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
  
http://www.example.com/friendy/search.php?st="><script>alert(document.cookie);</script>