by r0t,der4444,cembo,VietMafia

Wednesday, November 23, 2005

SupportPRO Supportdesk XSS vuln.

Vuln. discovered by: r0t
Date: 23 Nov. 2005

Input passed to the post and view tickets parameters isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Edit the source code to ensure that input is properly sanitised.
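
One way to apply this fix, shown as an added example (not code from SupportPRO or from the advisory): a ticket view that echoes request values as-is, next to a version that validates the ticket id and HTML-encodes the text fields on output. The function names, field names and sample values are assumptions, since the advisory does not name the affected parameters.

```python
# Added illustration: hypothetical ticket-view renderer. Field names are
# assumed; the advisory does not name the affected parameters.
import html


def render_ticket_unsafe(ticket_id, subject, body):
    # Mirrors the flaw described above: request values go into markup as-is.
    return (f'<h1>Ticket {ticket_id}: {subject}</h1>'
            f'<input name="subject" value="{subject}">'
            f'<div class="body">{body}</div>')


def parse_ticket_id(raw):
    # Allow-list validation: a ticket id is a short run of ASCII digits.
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 10):
        raise ValueError("invalid ticket id")
    return int(raw)


def render_ticket_safe(ticket_id, subject, body):
    tid = parse_ticket_id(ticket_id)
    # html.escape with quote=True encodes & < > " ' so the value stays text
    # in both element content and quoted attribute values.
    subj = html.escape(subject, quote=True)
    text = html.escape(body, quote=True)
    return (f'<h1>Ticket {tid}: {subj}</h1>'
            f'<input name="subject" value="{subj}">'
            f'<div class="body">{text}</div>')


# Constructed sample input (not taken from the advisory).
SAMPLE_SUBJECT = '"><script>alert(1)</script>'
SAMPLE_BODY = 'Printer <b>broken</b> & offline'

if __name__ == "__main__":
    print(render_ticket_unsafe("42", SAMPLE_SUBJECT, SAMPLE_BODY))
    print(render_ticket_safe("42", SAMPLE_SUBJECT, SAMPLE_BODY))
```

Encoding at the point of output, per context, is what keeps the submitted text inert; the id check only narrows what the application accepts in the first place.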



Copyright (c) 2006 Pridels Sec Crew