- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 23612
- Проверка EDB
-
- Пройдено
- Автор
- OLIVER KAROW
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- cve-2004-2128
- Дата публикации
- 2004-01-28
Код:
source: https://www.securityfocus.com/bid/9516/info
BRS WebWeaver has been reported prone to a cross-site scripting vulnerability. An attacker may create a malicious link to the vulnerable server that includes embedded HTML and script code. If this link is followed by a victim user, hostile code embedded in the link may be rendered in the user's browser in the context of the server.
Successful exploitation could permit theft of cookie-based authentication credentials or other attacks.
This issue was reported in BRS WebWeaver 1.07. Earlier versions may also be affected.
http://www.example.com/scripts/ISAPISkeleton.dll?<script>alert("Ooops!")</script>- Источник
- www.exploit-db.com
