Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: General :: web5028.htm

Plumtree Corporate Portal cross site scripting vulnerability
25th Jan 2002 [SBWID-5028]

	Plumtree Corporate Portal cross site scripting vulnerability


	Corporate Portal versions 4.5, 4.0, 4.0SP1, 4.0i, 4.0iSP1, and 3.5


	Ed Moyle posted :

	Plumtree Corporate Portal  supplies  an  error  information  page  named
	error.asp, which by default is accessed through :



	The second parameter supplied to error.asp is a textual  description  of
	the error message that will be shown in the resulting  error  web  page.
	This textual parameter may  be  modified  to  include  rogue  script  on
	affected installations.


	Get Corporate Portal 4.5 Service Pack 1 and 4.0 SP1 Hotfix 6.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH