Home Vendor Advisories Open Source Vul DB Rapid Classified search.asp SH1 Variable XSS

Wednesday, 03 December 2008

Main Menu Home About us Contact us Services Partners Downloads Online Services Remote Support Helpdesk Backup Reminders Partners We ensure the highest level of vendor support for our clients & have established alliances with the following vendors: Services Spotlight Consulting Our staff have been both technical services providers and managers of IT departments, this enables us to help you to understand your options through independent advice. Read more...   Login Username Password Remember me Lost Password? Tech Zone Vendor Advisories Cisco Microsoft Open Source Vul DB Products Industry News

Rapid Classified search.asp SH1 Variable XSS Sunday, 19 November 2006 Rapid Classified contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'SH1' variable upon submission to the search.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more...

This page was loaded in 0.052 seconds.