Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13768
HistoryAug 07, 2006 - 12:00 a.m.

XSS Vulnerability in FTD v3.7.3

2006-08-0700:00:00
vulners.com
9
JSON

There are some XSS Vulnerabilities in FTD v3.7.3 and prior.

XSS attacks (HTML / Javascript codes) will launch if they are submitted as a search in the search bar.

They will also be launched when sent as a mail to yourself or a victim.

Proof of Concept:

To make sure it launches, you just need to add a word or a normal character before your code.

Example: Hello <script>alert(1);</script> !

If you ignore this and you send you mail without adding a character before your code, you could get this problem:
If you send '<script>alert(1);</script>',
it'll become 'Alert(1);'.
This is because the program wants to correct the first letter, it will try to make the first letter a capital one.

FTD: http://www.binaries4all.nl/ftd/

O.G.

JSON