Basic search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11215
HistoryJan 28, 2006 - 12:00 a.m.

[CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting

2006-01-2800:00:00
vulners.com
7

PoC :

1)

This flaw exists because the application does not validate the "nickname"
variable upon submission to the post.php script via the POST method.

h**p://www.[target]/post.php?nickname="><script>alert('XSS')</script><!–