LineShout shout.php Multiple Variable XSS

ID OSVDB:39249
Type osvdb
Reporter OSVDB
Modified 2007-12-18T00:00:00


Vulnerability Description

LineShout contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate username and message variables upon submission to the shout.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.


Vendor URL: Secunia Advisory ID:28137 Other Advisory URL: ISS X-Force ID: 39090 CVE-2007-6486 Bugtraq ID: 26906