[NEWS] ICQ Web Portal Multiple Cross Site Scripting Vulnerability
From: support@securiteam.comDate: 09/24/01
- Previous message: support@securiteam.com: "[UNIX] Textor Webmasters CGI Allows Remote Command Execution"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Subject: [NEWS] ICQ Web Portal Multiple Cross Site Scripting Vulnerability Message-Id: <20010924192400.B53AB138C1@mail.der-keiler.de> Date: Mon, 24 Sep 2001 21:24:00 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
ICQ Web Portal Multiple Cross Site Scripting Vulnerability
------------------------------------------------------------------------
SUMMARY
The ICQ portal suffers from several Cross Site Scripting vulnerabilities.
These vulnerabilities allow attackers to force the web site to return
arbitrary information that would seem as coming from the original web
site.
DETAILS
The ICQ web portal may inadvertently include malicious HTML tags or script
in dynamically generated pages.
Example 1:
Screen Shots:
Example 2:
Screen Shots:
ADDITIONAL INFORMATION
For more information about CSS (Cross Site Scripting), see:
The information has been provided by
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
====================
DISCLAIMER:
http://search.icq.com/dirsearch.adp?query=
<http://www.isecurelabs.com/advisory/icq1.jpg>
http://www.isecurelabs.com/advisory/icq1.jpg
<http://www.isecurelabs.com/advisory/icq2.jpg>
http://www.isecurelabs.com/advisory/icq2.jpg
http://web.icq.com/foo/
<http://www.isecurelabs.com/advisory/icq3.jpg>
http://www.isecurelabs.com/advisory/icq3.jpg
<http://www.isecurelabs.com/advisory/icq4.jpg>
http://www.isecurelabs.com/advisory/icq4.jpg
<http://www.securiteam.com/exploits/5IP000K0LI.html>
http://www.securiteam.com/exploits/5IP000K0LI.html
<mailto:aurelien.cabezon@iSecureLabs.com> Cabezon Aurelien.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
Relevant Pages
... DeleGate Cross Site Scripting Vulnerability ...
(Bugtraq)
... Internet Explorer 5 allows cross site scripting while its in gopher view. ... The usual cross site scripting attack consequences are subject here. ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
(Securiteam)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Invision Power Board Cross Site Scripting Vulnerability ...
(Securiteam)
... IPCop Cross Site Scripting Vulnerability in "proxylog.dat" ... Paul Kurczaba ...
(Bugtraq)
... Mail.com Cross Site Scripting Vulnerability ... Sign-up for your own FREE Personalized E-mail at Mail.com ...
(Bugtraq)
