Network Security News – Sunday, July 16, 2006 Events
Actinic Catalog ca000001.pl hop Variable XSS
Actinic Catalog contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'hop' variable upon submission to the ca000001.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/27098