Six Apart Vox - search Page Cross-Site Scripting

2010-03-05T00:00:00
ID EXPLOITPACK:2D5E169A0EC6C4D2B587FE36C55B4D77
Type exploitpack
Reporter Phenom
Modified 2010-03-05T00:00:00

Description

source: https://www.securityfocus.com/bid/38575/info

Six Apart Vox is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

http://www.example.com/explore/search/%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E/
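
The following Python sketch is an added example, not part of the advisory and not Vox's own code. It decodes the search term from the URL above and renders it into a hypothetical search-box template, once unencoded (the flaw described) and once with HTML output encoding. The template, the function names, and the attribute context (suggested by the leading `">` in the term) are assumptions.

```python
import html
from urllib.parse import unquote, urlsplit

# URL copied from the advisory above.
ADVISORY_URL = ("http://www.example.com/explore/search/"
                "%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E/")

PREFIX = "/explore/search/"

# Hypothetical template: assumes the term is echoed back into an attribute value.
TEMPLATE = '<input type="text" name="q" value="{term}">'


def search_term(url):
    """Return the percent-decoded term from /explore/search/<term>/."""
    path = urlsplit(url).path  # urlsplit leaves percent-encoding intact
    if not path.startswith(PREFIX):
        raise ValueError("not a search URL")
    # Strip the trailing slash before decoding so an encoded %2F is preserved.
    return unquote(path[len(PREFIX):].rstrip("/"))


def render_unsafe(term):
    """Reflect the term without encoding (the behaviour the advisory describes)."""
    return TEMPLATE.format(term=term)


def render_safe(term):
    """Reflect the term with HTML encoding for an attribute context.

    html.escape(quote=True) encodes & < > " and ', so the value cannot
    close the attribute or open a new element.
    """
    return TEMPLATE.format(term=html.escape(term, quote=True))


if __name__ == "__main__":
    term = search_term(ADVISORY_URL)
    print("decoded term:", term)
    print("unsafe      :", render_unsafe(term))
    print("safe        :", render_safe(term))
```

Encoding is applied at output time, for the context the value lands in; a term reflected into a script block or a URL attribute needs that context's encoder instead.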