Authors: Alex Lanstein, Ivo Parashkevov Date: November 15, 2004 Affected Software: TheFaceBook - All Versions Software URL: http://www.thefacebook.com TheFaceBook, a popular college networking (social, not technological) tool is vulnerable to many XSS holes in it's search and editing methods. In contact.php, the "New School" field is vulnerable to an XSS attack. No POC needed, just put whatever code you want into the field. Might want to check on that Email field too...I smell another sql attack :-) greets to luthy, pramod, cc summer crew 2003, and of course, gab :-)
