[VIM] Source code verification of DVBBS XSS in showerr.asp/action
security curmudgeon
jericho at attrition.org
Wed Jul 20 23:02:37 EDT 2005
: Refs: CAN-2005-2318, BID:14223
The only BID reference has no info, hate that =)
: Issue: XSS in DVBBS 7.1 via action parameter of showerr.asp
:
: If the action parameter has XSS in it, then the code would fall through
: to the "Case Else" and its value would be directly inserted into the
: template.
:
: A quick glance suggests that there may be some other XSS issues as well.
I'll post to the mangler list, see if anyone has time to check.
More information about the VIM
mailing list