Bugtraq mailing list archives

Divine OpenMarket Content Server XSS

From: "Valgasu" <valgasu () rstack org>
Date: Fri, 3 Oct 2003 23:47:21 +0200

Content Server is a web content management from Divine (www.divine.com)
A Cross Site Scripting in this product allows injection of hostile
HTML/script
into the error page.

Example :
http://www.mouffleton.com/servlet/ContentServer?pagename=<body%20onload=alert(document.cookie);>

Workaround :
Catch error and display a standard error page without echo of the file name.

Valgasu
http://valgasu.rstack.org
http://www.rstack.org

Current thread:

Webmails + Internet Explorer can create unwanted javascript execution Jedi/Sector One (Oct 03)
- RE: Webmails + Internet Explorer can create unwanted javascript execution Drew Copley (Oct 03)
- Divine OpenMarket Content Server XSS Valgasu (Oct 03)
- <Possible follow-ups>
- Re: Webmails + Internet Explorer can create unwanted javascript execution Jason Munro (Oct 03)
  - Re: Webmails + Internet Explorer can create unwanted javascript execution Jedi/Sector One (Oct 03)