Vivisimo Clustering Engine - Search Script Cross-Site Scripting
| EKU-ID: 28723 | CVE: CVE-2003-1519;OSVDB-58895 | OSVDB-ID: |
| Author: ComSec | Published: 2003-10-21 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28723 | CVE: CVE-2003-1519;OSVDB-58895 | OSVDB-ID: |
| Author: ComSec | Published: 2003-10-21 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/8862/info Vivisimo Clustering Engine reported prone to cross-site scripting vulnerability. The problem occurs due to insufficient sanitization of parameters passed to the search script. As a result, an attacker may be capable of constructing a link designed to execute arbitrary script code within the browser of a user who follows it. http://www.example.com/search?query=<script>alert(document.domain)</script>