- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 23411
- Проверка EDB
-
- Пройдено
- Автор
- MR. P.TAYLOR
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- null
- Дата публикации
- 2003-12-03
Код:
source: https://www.securityfocus.com/bid/9149/info
Websense Enterprise displays error pages for blocked sites without sufficiently sanitizing HTML and script code from the blocked site URI. This could allow for cross-site scripting attacks if a victim user visits a link to a blocked site that includes hostile HTML and script code. Exploitation could permit theft of cookie-based authentication credentials or other consequences.
http://[BlockedSite]?<SCRIPT>alert('hello')</SCRIPT>- Источник
- www.exploit-db.com
