[2/5] Youtube Script “lang[please_wait]” Cross-Site Scripting Vulnerability

February 4th, 2008 by

[2/5] Youtube Script “lang[please_wait]” Cross-Site Scripting Vulnerability

:Smasher has reported a vulnerability in Youtube Script, which can be exploited by malicious people to conduct cross-site scripting attacks.Input passed to the "lang[please_wait]" parameter in siteadmin/editor_files/includes/load_message.php is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.Solution:Edit the source code to ensure that input is properly sanitised.Provided and/or discovered by:SmasherOriginal Advisory:http://archives.neohapsis.com/archives/bugtraq/2008-02/0008.html

Original post by amit

[2/5] Youtube Script “lang[please_wait]” Cross-Site Scripting Vulnerability

Related Articles:

[3/5] Youtube Script “id” SQL Injection Vulnerability

[2/5] AutoIndex PHP Script index.php URL Cross-Site Scripting

[3/5] vShare YouTube Clone “tid” SQL Injection Vulnerability

[2/5] F5 FirePass 4100 SSL VPN installControl.php3 Cross-Site Scripting Vulnerability

[2/5] Serendipity Script Insertion and Cross-Site Scripting

Posted in Advisories - Exploits | | [2/5] Youtube Script “lang[please_wait]” Cross-Site Scripting Vulnerability

<< [3/5] IBM DB2 UDB Multiple Vulnerabilities | [3/5] Wordspew Plugin for Wordpress “id” SQL Injection Vulnerability >>

Cybertrion Systems

[2/5] Youtube Script “lang[please_wait]” Cross-Site Scripting Vulnerability

Categories

Archives:

Search:

Meta: