LineShout shout.php Multiple Variable XSS

2007-12-18T00:00:00
ID OSVDB:39249
Type osvdb
Reporter OSVDB
Modified 2007-12-18T00:00:00

Description

Vulnerability Description

LineShout contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the username and message variables upon submission to the shout.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

References:

Vendor URL: http://www.geek-place.com/
Secunia Advisory ID: 28137
Other Advisory URL: http://davidsopas.com/blog/2007/12/17/lineshout-v10-software-html-injection/
ISS X-Force ID: 39090
CVE-2007-6486
Bugtraq ID: 26906