Disclosure: ARIA (Accounting Receiving and Inventory Administration) genmessage.php Message Field XSS

[This was originally published on OSVDB, now gone. VulnDB ID 24255]

From: security curmudgeon
To: jflechtner[at]users.sourceforge.net
Date: Tue, 28 Mar 2006 11:25:02 -0500 (EST)
Subject: ARIA security issue

Hey Josh,

Not sure if you are still maintaining this project, but while playing with the demo I noticed a small security issue. The genmessage.php script doesn’t sanitize user input submitted to the Message Field (message variable), allowing for cross-site scripting (XSS) attacks. I didn’t test the other scripts, so this may occur in other scripts.

Thanks,

Brian
