Clickcess ChitChat.NET - topic title Cross-Site Scripting

EDB-ID:

23033

CVE:



Author:

G00db0y

Type:

webapps


Platform:

ASP

Date:

2003-08-13


source: https://www.securityfocus.com/bid/8417/info
 
It has been reported that a html injection issue exists in the Clickcess ChitChat.NET discussion forum software. The vulnerability is reported to be present in the Name and Topic Title text boxes. The problem may allow a remote attacker to inject malicious HTML and script code into the website.
 
This vulerability may lead to cookie-based credential theft.

Topic title: <script>alert(Zone-h)</script>