OpenSocial / spec

OpenSocial Specification #social
http://opensocial.org/
Apache License 2.0

[BUG XSS TYPERACER] xss-javascript code in typeracer #441

Closed mmarum-sugarcrm closed 11 years ago

mmarum-sugarcrm commented 11 years ago

Original author: arph...@gmail.com (May 27, 2008 02:12:14)

Profiles using XSS code in typeracer/name; alert prompt in use in typeracer/name. Example of the script in use: <script>alert('Lol')</script>


And other profiles. Thanks.

Original issue: http://code.google.com/p/opensocial-resources/issues/detail?id=194

mmarum-sugarcrm commented 11 years ago

From apijason...@gtempaccount.com on June 04, 2008 19:36:42

We contacted the developer and made sure this vulnerability was addressed. For general application bugs, please contact the developer directly. You may continue posting XSS vulnerabilities in this tracker, however.