Spymac WebOS index.php Multiple Variable XSS

2006-05-17T05:35:38
ID OSVDB:25925
Type osvdb
Reporter OSVDB
Modified 2006-05-17T05:35:38

Description

Manual Testing Notes

http://[target]/notes/index.php?action=delete_folder&del_folder=[XSS-CODE] http://[target]/notes/index.php?action=empty_trash[XSS-CODE] http://[target]/notes/index.php?action=noteform&nick=Lostmon[XSS-CODE]

References:

Vendor URL: http://www.spymac.com/ Security Tracker: 1016116 Related OSVDB ID: 25926 Related OSVDB ID: 25927 Other Advisory URL: http://lostmon.blogspot.com/2006/05/multiple-cross-site-scripting-in.html ISS X-Force ID: 26522 FrSIRT Advisory: ADV-2006-1852 CVE-2006-2488