
#33 Able to inject HTML into URL

open
nobody
None
5
2013-04-12
2013-04-12
Anonymous
No

The ShowDocument and /cgi-bin/ListAllMeetings are vulnerable to HTML injection. For example, the following will generate a popup window on clients:

/DocDB/ShowDocument?docid=3660e4698</title><script>alert(1)</script>5a2aec62a0c
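An added example, not part of the original report and not DocDB's own code: a Python sketch of the reflection pattern the report describes next to a hardened version that validates `docid` and escapes it before echoing it back. The function names, the page template and the rule that a document ID is a short decimal integer are assumptions; the `</title>` in the reported value suggests the parameter lands inside the page title.

```python
import html
import re
from typing import Optional, Tuple

# Constructed input: the docid value from the report's example URL.
REPORTED_DOCID = "3660e4698</title><script>alert(1)</script>5a2aec62a0c"

# Assumption: document IDs are short decimal integers.
# [0-9] with fullmatch rejects Unicode digits and a trailing newline.
DOCID_RE = re.compile(r"[0-9]{1,10}")


def render_title_unsafe(raw: str) -> str:
    """Reported pattern: the raw parameter is pasted into the markup."""
    return f"<title>Document {raw}</title>"


def parse_docid(raw: str) -> Optional[int]:
    """Input check: accept only a plain decimal integer."""
    return int(raw) if DOCID_RE.fullmatch(raw) else None


def render_title_safe(raw: str) -> Tuple[int, str]:
    """Return (HTTP status, HTML) with both defences applied.

    Valid input is emitted as the parsed integer, never as the raw string.
    Rejected input is HTML-escaped before it is echoed in the error page,
    so the browser treats it as text rather than markup.
    """
    docid = parse_docid(raw)
    if docid is None:
        shown = html.escape(raw)  # < > & " ' become entities
        return 400, f"<title>Invalid document ID</title><p>Bad docid: {shown}</p>"
    return 200, f"<title>Document {docid}</title>"


if __name__ == "__main__":
    print(render_title_unsafe(REPORTED_DOCID))
    print(render_title_safe(REPORTED_DOCID))
    print(render_title_safe("3660"))
```

Validation alone would stop this particular value, but escaping at output is what protects any other parameter that reaches the page, such as those handled by /cgi-bin/ListAllMeetings.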
