Vivisimo Clustering Engine - Search Script Cross-Site Scripting

EDB-ID:

23268


Author:

ComSec

Type:

webapps


Platform:

Java

Date:

2003-10-21


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

source: https://www.securityfocus.com/bid/8862/info

Vivisimo Clustering Engine reported prone to cross-site scripting vulnerability. The problem occurs due to insufficient sanitization of parameters passed to the search script. As a result, an attacker may be capable of constructing a link designed to execute arbitrary script code within the browser of a user who follows it.

http://www.example.com/search?query=<script>alert(document.domain)</script>