[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Divine OpenMarket Content Server XSS

To: <bugtraq@securityfocus.com>
Subject: Divine OpenMarket Content Server XSS
From: "Valgasu" <valgasu@rstack.org>
Date: Fri, 3 Oct 2003 23:47:21 +0200

Content Server is a web content management from Divine (www.divine.com)
A Cross Site Scripting in this product allows injection of hostile
HTML/script
into the error page.

Example :
http://www.mouffleton.com/servlet/ContentServer?pagename=<body%20onload=alert(document.cookie);>

Workaround :
Catch error and display a standard error page without echo of the file name.

Valgasu
http://valgasu.rstack.org
http://www.rstack.org

References:
- Webmails + Internet Explorer can create unwanted javascript execution
  - From: Jedi/Sector One <j@pureftpd.org>

Prev by Date: Cisco 6509 switch telnet vulnerability
Next by Date: Cobalt RaQ Control Panel Cross Site Scripting
Previous by thread: RE: Webmails + Internet Explorer can create unwanted javascript execution
Next by thread: Re: Webmails + Internet Explorer can create unwanted javascript execution
Index(es):
- Date
- Thread