The MySpace web site fails to properly filter user-supplied content, which may allow for cross-site scripting.
A wide range of impacts may be possible, including modification of content on the MySpace web site, disclosure of passwords or other personal information. Likewise, information stored in cookies could be stolen or corrupted. An attacker could also exploit web browser vulnerabilities that require scripting support, either directly or by redirecting to another web site.
We are currently unaware of a practical solution to this problem, however the following workarounds may help mitigate the vulnerability:
Thanks to Petko D. Petkov of gnucitizen.org for reporting this vulnerability.
This document was written by Chris Taschner and Will Dormann.
|Date First Published:||2006-12-13|
|Date Last Updated:||2006-12-15 18:56 UTC|