EZ Publish 2.2 - 'index.php' IMG Tag Cross-Site Scripting
| EKU-ID: 28083 | CVE: CVE-2003-0310;OSVDB-6554 | OSVDB-ID: |
| Author: Ferruh Mavituna | Published: 2003-05-16 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28083 | CVE: CVE-2003-0310;OSVDB-6554 | OSVDB-ID: |
| Author: Ferruh Mavituna | Published: 2003-05-16 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/7616/info A cross-site scripting vulnerability has been reported for eZ publish. Specifically, eZ publish does not sufficiently sanitize user-supplied input supplied to the 'index.php' script. This may allow for theft of cookie-based authentication credentials and other attacks. http://www.example.com/index.php/article/articleview/<img%20src="javascript:alert(document.cookie)">