Multiple browsers inherited charset crossite scripting

2009-03-06T00:00:00
ID SECURITYVULNS:VULN:7304
Type securityvulns
Reporter BUGTRAQ
Modified 2009-03-06T00:00:00

Description

If [age with undefined charset is displayed in frame, codepage of parent page is used. It makes it possible to conduct crossite scripting attack with e.g. UTF-7, EUC-JP (SHIFT_JIS) charset.