OpenAutoClassifieds 1.0 - 'Listing' Cross-Site Scripting

Related Vulnerabilities: CVE-2003-1145  
Publish Date: 04 Nov 2003


It has been reported that OpenAutoClassifieds is prone to a cross-site scripting vulnerability. The issue is reported to exist due to insufficient sanitization of user-supplied data passed through the 'listings' parameter. The problem may allow a remote attacker to execute HTML or script code in the browser of a user who follows a malicious link created by the attacker.

Successful exploitation of this attack may allow an attacker to steal cookie-based authentication information that could be used to launch further attacks.

OpenAutoClassifieds version 1.0 is reported to be prone to this issue; however, other versions may be affected as well.
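
The following PHP example is added here and is not taken from OpenAutoClassifieds. It shows a request value written into a page unencoded beside the context-encoded form, plus the HttpOnly cookie flag that limits the cookie theft described above. The function names, `view.php`, and the sample value are hypothetical.

```php
<?php
// Hypothetical page fragment, not OpenAutoClassifieds source code.

// Weak form: the request value is copied into the HTML unchanged, so any
// markup it contains becomes part of the page the browser renders.
function render_unsafe(string $listings): string
{
    return '<a href="view.php?listings=' . $listings . '">Listing ' . $listings . '</a>';
}

// Corrected form: encode for each context the value lands in.
function render_safe(string $listings): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    // Query-string value first (URL context), then the whole attribute (HTML context).
    $href = htmlspecialchars('view.php?listings=' . rawurlencode($listings), $flags, 'UTF-8');
    // Link text (HTML text context).
    $text = htmlspecialchars($listings, $flags, 'UTF-8');
    return '<a href="' . $href . '">Listing ' . $text . '</a>';
}

// Limits the impact: a cookie flagged HttpOnly is not readable from script,
// so injected script cannot read the session identifier.
// Call this before any output is sent.
function start_hardened_session(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'samesite' => 'Lax',
        'secure'   => true, // assumes the site is served over HTTPS
    ]);
    session_start();
}

// Constructed input: harmless markup standing in for attacker-supplied content.
// Non-string values (e.g. listings[]=x) fall back to the sample as well.
$raw    = $_GET['listings'] ?? null;
$sample = is_string($raw) ? $raw : '12"><b>injected</b>';

echo render_unsafe($sample), "\n"; // markup breaks out of the attribute
echo render_safe($sample), "\n";   // markup is rendered as inert text
```

Output encoding addresses the injection itself; the cookie flags only reduce what a successful injection can reach.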