|
|
| |
|
|
| |
|
|
| |
|
.:::.who's online.:::.
|
|
There are currently, 6 guest(s) and 0 member(s) that are online.
|
|
|
|
|
Atomz Search Engine Cross-site Scripting Vulnerability
posted by: valvoline on 15/10/2001 @ 22.50.54
|
Summary:
Atomz Prime Search and Atomz Enterprise Search are commercial applications for searching content on websites of various sizes. Atomz Express Search is a free version for small websites.
Search engines released by Atomz do not filter HTML image tags from search queries. The danger is that arbitrary script code can be executed in the browser of a user clicking a maliciously crafted link to a site hosting an Atomz search engine. The script code will execute within the context of that site.
If successfully exploited, this issue may cause a web user to be the victim of a cross-site scripting attack. One variation of this type of attack may enable the attacker to steal cookie-based authentication credentials from a user.
vulnerable systems:
Atomz Enterprise Search 1.0
Atomz Express Search 1.0
Atomz Prime Search 1.0
Solutions:
No solutions provided, yet.
|
comments: (0)
|
|
|
|
|
|
|
| | |
|
|
| |
|
.:::.Login.:::.
|
|
Don't have an account yet? You can create one. As registered user you have some advantages like, comments configuration and post comments with your name. |
|
| |
|
|
|
