"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts. - Gene Spafford"
HIO-2008-0114 Dansie Search Engine XSS PDF Print E-mail

Dansie Search Engine contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "keywords" variable upon submission to the search.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

References:

BID: 27269

CVE-2008-0257

OSVDB: 40246  

SECUNIA:28465

XF: 39636

 
 
< Prev
[ Back ]