GetBoo stored XSS
Brought to you by:
chuckatsf
A user is able to upload a modified bookmarks file (HTML file) that contains malicious code under the <DD> tag. This code is not validated before being published onto the user's 'bookmarks' page.
Example:
<DL>
<DT><H3 ADD_DATE="2012-03-05 03:32:38">555-555-0199@example.com</H3>
<DD><script>alert('XSS');</script>
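The following is an added example, not GetBoo's own code and not part of the original report. It imports the fragment above while keeping the <DD> text as plain data, then renders it with and without output encoding. The class and function names are hypothetical, and the sample is the report's fragment with a closing </DL> added.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample: the fragment from the report, closed with </DL>.
SAMPLE = """<DL>
<DT><H3 ADD_DATE="2012-03-05 03:32:38">555-555-0199@example.com</H3>
<DD><script>alert('XSS');</script>
</DL>"""

class BookmarkImport(HTMLParser):
    """Collects title, add_date and description for each <DT> entry."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.entries, self._field = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "dt":
            self.entries.append({"title": "", "add_date": "", "description": ""})
            self._field = None
        elif tag in ("h3", "a") and self.entries:
            self.entries[-1]["add_date"] = dict(attrs).get("add_date") or ""
            self._field = "title"
        elif tag == "dd" and self.entries:
            self._field = "description"
        elif self._field == "description":
            # Markup inside a description is stored as literal text, not as tags.
            self.entries[-1]["description"] += self.get_starttag_text()

    def handle_endtag(self, tag):
        if tag in ("h3", "a", "dl"):
            self._field = None
        elif self._field == "description":
            self.entries[-1]["description"] += f"</{tag}>"

    def handle_data(self, data):
        if self._field:
            self.entries[-1][self._field] += data

def parse_bookmarks(text):
    parser = BookmarkImport()
    parser.feed(text)
    parser.close()
    for entry in parser.entries:
        entry["description"] = entry["description"].strip()
    return parser.entries

def render_unsafe(entry):
    # Behaviour the report describes: imported text is written into the page as-is.
    return f"<li>{entry['title']}<p>{entry['description']}</p></li>"

def render_escaped(entry):
    # Every imported field is HTML-encoded at output time.
    return f"<li>{escape(entry['title'])}<p>{escape(entry['description'])}</p></li>"
```

Encoding at output covers every imported field, including the title and any markup the importer did not anticipate, so it does not depend on the upload check catching each case.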