[VIM] Source code verification of DVBBS XSS in showerr.asp/action

security curmudgeon jericho at attrition.org
Wed Jul 20 23:02:37 EDT 2005


: Refs: CAN-2005-2318, BID:14223

The only BID reference has no info, hate that =)

: Issue: XSS in DVBBS 7.1 via action parameter of showerr.asp
: 
: If the action parameter has XSS in it, then the code would fall through 
: to the "Case Else" and its value would be directly inserted into the 
: template.
: 
: A quick glance suggests that there may be some other XSS issues as well.

I'll post to the mangler list, see if anyone has time to check.


More information about the VIM mailing list