TUCoPS :: HP Unsorted S :: tb11115.htm

static XSS / SQL-Injection in Omegasoft Insel
static XSS / SQL-Injection in Omegasoft Insel
static XSS / SQL-Injection in Omegasoft Insel


Input passed to fields in OmegaMw7's tables isn't properly sanitized
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site and/or inject SQL-Commands

This applies to many many standard fields in different tables
e.g. F05003, F05005, F05015
and to all user-created text fields using the form creator (you cannot
do it a different way)

kind regards
MC.Iglo

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH