Vulnerability Note VU#885665
MySpace fails to properly filter user-supplied content
The MySpace web site fails to properly filter user-supplied content, which may allow for cross-site scripting.
A wide range of impacts may be possible, including modification of content on the MySpace web site, disclosure of passwords or other personal information. Likewise, information stored in cookies could be stolen or corrupted. An attacker could also exploit web browser vulnerabilities that require scripting support, either directly or by redirecting to another web site.
We are currently unaware of a practical solution to this problem, however the following workarounds may help mitigate the vulnerability:
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|MySpace.com||Affected||12 Dec 2006||12 Dec 2006|
CVSS Metrics (Learn More)
Thanks to Petko D. Petkov of gnucitizen.org for reporting this vulnerability.
This document was written by Chris Taschner and Will Dormann.
- CVE IDs: Unknown
- Date Public: 07 Dec 2006
- Date First Published: 13 Dec 2006
- Date Last Updated: 15 Dec 2006
- Severity Metric: 9.58
- Document Revision: 12
If you have feedback, comments, or additional information about this vulnerability, please send us email.