XSS vulnerability in Mojo Mail Sign-Up Form

Type securityvulns
Reporter Securityvulns
Modified 2002-10-25T00:00:00


Heya, this is my first post here so go easy on me plz. I posted about this on the Mojo Bug Tracker ages ago and it's just been ignored, and besides, I'm losing faith in reporting to the vendor; PHP Arena took the credit for an XSS bug I found in their paFileDB. But anyway, Mojo Mail doesn't filter sign-up requests, here's an example on Mojo's site:

http://mojo.skazat.com/cgi-bin/mojo/mojo.cgi?flavor=subscribe&email=%3Cscript%3Ealert%28%22XSS%20Vuln.%22%29%3C%2Fscript%3E&list=skazat_design_newsletter&submit=Submit

I don't know if I'm supposed to say more but it's just XSS, I think that's it? ~ElectroPhreak
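
The missing filtering described in the post, shown next to a fixed handler. This is an added example, not part of the original post and not Mojo Mail's own code (which is Perl CGI); the function names, the response template and the address pattern are assumptions made for illustration.

```python
import html
import re
from urllib.parse import parse_qs

# Assumed, deliberately conservative address pattern: angle brackets,
# quotes and whitespace can never pass it.
EMAIL_RE = re.compile(
    r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}\.[A-Za-z]{2,}"
)


def render_vulnerable(query):
    """Reflect the email parameter into HTML as-is (the reported behaviour)."""
    email = parse_qs(query).get("email", [""])[0]
    return f"<p>Subscription request for {email} received.</p>"


def render_hardened(query):
    """Validate on input and encode on output; returns (HTTP status, body)."""
    params = parse_qs(query, keep_blank_values=True)
    email = params.get("email", [""])[0].strip()
    safe = html.escape(email, quote=True)  # encode before any reflection
    if not EMAIL_RE.fullmatch(email):
        # The error page echoes the value too, so it must use the escaped form.
        return 400, f"<p>Not a valid address: {safe}</p>"
    return 200, f"<p>Subscription request for {safe} received.</p>"


# Constructed query string with the same parameters as the request in the post.
SAMPLE = (
    "flavor=subscribe"
    "&email=%3Cscript%3Ealert%28%22XSS%20Vuln.%22%29%3C%2Fscript%3E"
    "&list=skazat_design_newsletter&submit=Submit"
)

if __name__ == "__main__":
    print(render_vulnerable(SAMPLE))  # markup reaches the page unencoded
    print(render_hardened(SAMPLE))    # rejected, and echoed only as entities
    print(render_hardened("flavor=subscribe&email=user%40example.com"))
```

Validation alone is not the fix: the rejection message reflects the same value, which is why the hardened handler escapes before building either response.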