HIO-2009-0221 Zazzle Store Builder XSS

Zazzle Store Builder, "a convenient, flexible way to access Zazzle products", is affected by two cross-site scripting vulnerabilities.

Input passed to the "gridPage" and "gridSort" parameters is not properly sanitised before being returned to the user in the page. This reflected XSS can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site, for example by luring the user to a crafted store URL.
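The reflection pattern described above, as an added example that is not Zazzle's code and is not part of the original advisory: a constructed stand-in for a storefront grid page that echoes "gridPage" and "gridSort" straight back into its HTML, beside a hardened version that validates the page number, restricts the sort key to an assumed whitelist and HTML-escapes what it emits. The markup, the default values and the ALLOWED_SORTS set are assumptions for illustration; the payload is constructed test input.

```python
from html import escape
from urllib.parse import parse_qs, urlencode

# Constructed test payload: closes the attribute it lands in and injects script.
PAYLOAD = '"><script>alert(1)</script>'

# Assumed whitelist of sort keys; not taken from the product.
ALLOWED_SORTS = {"popularity", "newest", "price"}


def render_grid_vulnerable(query: str) -> str:
    """Echo gridPage/gridSort into the page without sanitisation (the bug)."""
    params = parse_qs(query, keep_blank_values=True)
    page = params.get("gridPage", ["1"])[0]
    sort = params.get("gridSort", ["popularity"])[0]
    # Both values land inside attributes; a '"' in either breaks out of it.
    return (
        f'<input type="hidden" name="gridPage" value="{page}">'
        f'<a href="?gridSort={sort}">Sort</a>'
    )


def render_grid_fixed(query: str) -> str:
    """Validate the inputs, then escape on output."""
    params = parse_qs(query, keep_blank_values=True)

    # gridPage must be a positive integer; anything else falls back to page 1.
    raw_page = params.get("gridPage", ["1"])[0]
    page = int(raw_page) if raw_page.isdigit() and int(raw_page) > 0 else 1

    # gridSort must be one of the known keys; anything else falls back.
    sort = params.get("gridSort", ["popularity"])[0]
    if sort not in ALLOWED_SORTS:
        sort = "popularity"

    # Escaping with quote=True is redundant after the whitelist, but it keeps
    # the template safe if someone later widens what the inputs may contain.
    return (
        f'<input type="hidden" name="gridPage" value="{escape(str(page), quote=True)}">'
        f'<a href="?gridSort={escape(sort, quote=True)}">Sort</a>'
    )


def is_reflected_unescaped(html: str, payload: str) -> bool:
    """True when the payload appears verbatim, i.e. the injection survived."""
    return payload in html


if __name__ == "__main__":
    q = urlencode({"gridPage": PAYLOAD, "gridSort": PAYLOAD})
    print("vulnerable:", render_grid_vulnerable(q))
    print("fixed:     ", render_grid_fixed(q))
    print("reflected in vulnerable:", is_reflected_unescaped(render_grid_vulnerable(q), PAYLOAD))
    print("reflected in fixed:     ", is_reflected_unescaped(render_grid_fixed(q), PAYLOAD))
```

The same containment check is what a tester does by hand against a real install: request the page with the payload in one parameter at a time and look for it verbatim in the response body. Validation before use is the primary fix here; output escaping is the layer that protects whatever the validation misses.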

References:

CVE: CVE-2009-1320
BID: 34525
FrSIRT: N/A
Nessus: N/A
OSVDB: 53683
SA: 34009
XF:

Related:

Vendor Solution:

