Bugtraq mailing list archives
Divine OpenMarket Content Server XSS
From: "Valgasu" <valgasu () rstack org>
Date: Fri, 3 Oct 2003 23:47:21 +0200
Content Server is a web content management from Divine (www.divine.com).

A Cross Site Scripting in this product allows injection of hostile HTML/script into the error page.

Example:
http://www.mouffleton.com/servlet/ContentServer?pagename=<body%20onload=alert(document.cookie);>

Workaround: Catch error and display a standard error page without echo of the file name.

Valgasu
http://valgasu.rstack.org
http://www.rstack.org
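The workaround in the message above, as an added example (not part of the original post and not Divine's code): plain Java with hypothetical class and method names and an assumed page-name pattern. It contrasts an error page that echoes `pagename` with a fixed page that keeps the value in the server log only.

```java
import java.util.UUID;
import java.util.logging.Logger;
import java.util.regex.Pattern;

/** Added example: error handling for an unknown "pagename" value. All names are hypothetical. */
public class PageErrorDemo {
    private static final Logger LOG = Logger.getLogger("PageErrorDemo");
    // Assumed naming rule for legitimate page names (not taken from the product).
    private static final Pattern VALID_NAME = Pattern.compile("[A-Za-z0-9_./-]{1,128}");

    /** Behaviour described in the advisory: the requested name is echoed unescaped. */
    static String vulnerableErrorPage(String pagename) {
        return "<html><body><h1>Error</h1><p>Page not found: " + pagename + "</p></body></html>";
    }

    /** Workaround from the advisory: a fixed page that never contains the request value. */
    static String standardErrorPage(String pagename) {
        String ref = UUID.randomUUID().toString();
        // Keep the detail server-side; replace CR/LF so the value cannot forge log lines.
        String forLog = pagename == null ? "(none)" : pagename.replaceAll("[\\r\\n]", "_");
        boolean wellFormed = pagename != null && VALID_NAME.matcher(pagename).matches();
        // wellFormed=false marks requests worth reviewing as possible injection probes.
        LOG.warning("ref=" + ref + " unknown pagename=" + forLog + " wellFormed=" + wellFormed);
        return "<html><body><h1>Error</h1><p>The requested page is not available."
                + " Reference: " + ref + "</p></body></html>";
    }

    public static void main(String[] args) {
        // Constructed input: the decoded form of the parameter in the advisory's example URL.
        String pagename = "<body onload=alert(document.cookie);>";
        String before = vulnerableErrorPage(pagename);
        String after = standardErrorPage(pagename);
        System.out.println("echoed in vulnerable page: " + before.contains(pagename));
        System.out.println("echoed in standard page:   " + after.contains(pagename));
        System.out.println(after);
    }
}
```

The reference id lets support staff correlate a user report with the logged request without the page ever reflecting request data.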