94170 2003-03-15  00:20  /23 lines/ flur <flur@flurnet.org>
Imported: 2003-03-15  00:20  by Brevbäraren
External recipient: bugtraq Security List <bugtraq@securityfocus.com>
Recipient: Bugtraq (import) <3981>
Subject: Guestbook v1.1.3 CSS Vuln
------------------------------------------------------------
Project:   Filebased guestbook.
Author:    Copyright (c) Urs <urs@circle.ch>
Version:   1.1.3
Update:    17-09-2002
Homepage:  http://www.circle.ch/scripts/

This PHP guest book script is vulnerable to hostile cross scripting
in the 'comment' section of guest book posts. Comments span across
multiple pages, with the newest on the first page; thus a malicious
user could easily embed hostile code and expect all that read the
guest book with script-processing browsers to execute it.

The vendor has indicated that this project has been discontinued.



____________________ __ _
~FluRDoInG                        flur@flurnet.org
                             http://www.flurnet.org
KEY ID 0x8C2C37C4 (pgp.mit.edu) RSA-CAST 2048/2048
1876 B762 F909 91EB 0C02  C06B 83FF E6C5 8C2C 37C4
(94170) /flur <flur@flurnet.org>/---------(Rewrapped)
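
Added example, not part of the original post and not code from Guestbook v1.1.3: a file-based guest book that keeps comments as submitted and HTML-encodes them when a page is rendered, so a stored comment is displayed as text instead of being interpreted by the browser. The function names (gb_append, gb_page, gb_render, h) and the one-JSON-record-per-line storage format are assumptions made for illustration.

```php
<?php
// Hypothetical storage: one JSON-encoded entry per line. JSON escapes
// newlines, so a multi-line comment cannot forge an extra record.
function gb_append(string $file, string $name, string $comment): void
{
    $entry = json_encode(['name' => $name, 'comment' => $comment, 'ts' => time()]);
    file_put_contents($file, $entry . "\n", FILE_APPEND | LOCK_EX);
}

// Return one page of entries, newest first (the layout the advisory describes).
function gb_page(string $file, int $page, int $perPage = 10): array
{
    $lines = is_file($file)
        ? file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)
        : [];
    $entries = array_map(fn($l) => json_decode($l, true), array_reverse($lines));
    $entries = array_values(array_filter($entries, 'is_array')); // drop corrupt lines
    return array_slice($entries, max(0, $page - 1) * $perPage, $perPage);
}

// Encode for HTML element and quoted-attribute context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Every stored field is encoded at output time; nl2br runs after encoding,
// so the only markup in the result is the <br /> it adds.
function gb_render(array $entries): string
{
    $html = '';
    foreach ($entries as $e) {
        $html .= '<div class="entry"><b>' . h((string)($e['name'] ?? '')) . '</b><p>'
               . nl2br(h((string)($e['comment'] ?? ''))) . "</p></div>\n";
    }
    return $html;
}

// Constructed sample data: one ordinary post and one containing markup.
$file = tempnam(sys_get_temp_dir(), 'gb');
gb_append($file, 'alice', "Nice site!\nSecond line.");
gb_append($file, 'mallory', '<script>alert(1)</script>');

echo gb_render(gb_page($file, 1));
unlink($file);
```

In the rendered page the second sample comment appears as `&lt;script&gt;alert(1)&lt;/script&gt;`, which the browser shows as literal text.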