Verity K2 Toolkit 2.20 Query Builder Search Script - Cross-Site Scripting

EDB-ID: 22857
CVE: N/A
Author: SSR Team
Type: webapps
Platform: JSP
Date: 2003-07-02

source: https://www.securityfocus.com/bid/8074/info

It has been reported that the K2 Toolkit does not sufficiently sanitize user-supplied input. As a result, an attacker may be able to craft a malicious link that, when loaded by a user, causes hostile HTML or script code to execute in that user's browser.

http://www.example.com/[search].jsp?[query]=><img src=javascript:alert(document.cookie)>
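
The missing step is output encoding of the reflected query value. The following is an added example, not code from the K2 Toolkit or the original advisory; it contrasts an unencoded echo with an encoded one using the query value from the URL above. The `<input>` template, the class name and the method names are hypothetical, and the reflection context (an unquoted attribute value) is an assumption inferred from the leading `>` in the reported value.

```java
public class EncodeSearchQuery {

    // Encode the characters that are significant in HTML text and in
    // quoted attribute values, so the value cannot close the attribute or tag.
    static String htmlEncode(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical "before": the query is echoed into the search form as-is,
    // in an unquoted attribute (assumed context, not taken from the product).
    static String renderUnencoded(String query) {
        return "<input name=query value=" + query + ">";
    }

    // "After": the attribute is quoted and the value is encoded on output.
    static String renderEncoded(String query) {
        return "<input name=\"query\" value=\"" + htmlEncode(query) + "\">";
    }

    public static void main(String[] args) {
        // Query value as it appears in the URL reported in the advisory.
        String query = "><img src=javascript:alert(document.cookie)>";

        // Unencoded: the leading '>' ends the <input> tag and the rest is parsed as markup.
        System.out.println("unencoded: " + renderUnencoded(query));

        // Encoded: the whole value stays inside the quoted attribute as inert text.
        System.out.println("encoded  : " + renderEncoded(query));
    }
}
```

In a JSP page the same encoding is available through JSTL's `<c:out>` tag, which escapes these characters by default.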