#24 GetBoo stored XSS

new
Chuck
GetBoo
Medium
Current
2012-03-05
2012-03-05
No

A user is able to upload a modified bookmarks file (html file) that contains malicious code under the <DD> tag. This code is not validated before being published onto the user's 'bookmarks' page.

Example:

<DL>
<DT><H3 ADD_DATE="2012-03-05 03:32:38">555-555-0199@example.com</H3>
<DD><script>alert('XSS');</script>
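
An added example, not GetBoo's code or the reporter's: a Python sketch of an importer and two renderers for the `<DT>`/`<DD>` lines shown above, one inserting imported text as-is (the reported behaviour) and one HTML-encoding it at output time. The parsing rules, function names and sample input are assumptions constructed for illustration.

```python
import html
import re

# Constructed input modelled on the report's example; not a real export.
SAMPLE_IMPORT = """<DL>
<DT><H3 ADD_DATE="2012-03-05 03:32:38">Imported folder</H3>
<DD><script>alert('XSS');</script>
<DT><H3 ADD_DATE="2012-03-05 03:40:00">Reading list</H3>
<DD>Articles to read & review
</DL>
"""

DT_RE = re.compile(r"<DT><H3[^>]*>(.*?)</H3>", re.IGNORECASE)
DD_RE = re.compile(r"<DD>(.*)", re.IGNORECASE)


def parse_import(text):
    """Return [{'title', 'description'}] holding the raw, untrusted strings."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        dt = DT_RE.match(line)
        dd = DD_RE.match(line)
        if dt:
            entries.append({"title": dt.group(1), "description": ""})
        elif dd and entries:
            # The text after <DD> is the description of the preceding entry.
            entries[-1]["description"] = dd.group(1)
    return entries


def render_unescaped(entries):
    """Reported behaviour: imported text is placed into the page as-is."""
    return "".join(
        f"<li><b>{e['title']}</b><p>{e['description']}</p></li>" for e in entries
    )


def render_escaped(entries):
    """Mitigation: treat every imported field as text and encode it on output."""
    return "".join(
        "<li><b>{}</b><p>{}</p></li>".format(
            html.escape(e["title"], quote=True),
            html.escape(e["description"], quote=True),
        )
        for e in entries
    )


if __name__ == "__main__":
    print(render_escaped(parse_import(SAMPLE_IMPORT)))
```

Encoding at output rather than stripping tags at import keeps the stored value intact and covers every page that later displays it.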
