gemsbarbados.com - The guestbook sign form has XSS vulnerability

Gems Of Barbados Hotels : gemsbarbados.com

Bug Id: 300 The guestbook sign form has XSS vulnerability
Created On: 1 year ago
Last Updated On: December 15, 2011 03:56:15 PM
Discovered On: December 15, 2011
Details

Follow the steps described below to reproduce the security vulnerability:

1. Go to http://www.gemsbarbados.com/guestbook.asp?sign
2. Enter the script written below in the Name text field:
script>alert('This Site is vulnerable to XSS');
3. Enter the script written below in the message area:
XSS ATTACK by AMIT
4. Submit the form by clicking Sign guestbook button.

It will show the JavaScript alert and will also execute the blink command. So the site has security breach.

Severity: Major
Status: Open
Test Type: Security
Operating Systems: Windows 7
Browsers: Firefox 8.0
Outcome: Vulnerability
Locales: Bangladesh
Languages: English
Updates


There are no updates found for this Bug
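
The fix for the behaviour reported above is output encoding of the Name and message fields when an entry is rendered. The following is an added example, not code from the site or from the report: the function names, field limits and test values are assumptions, and `render_entry_unsafe` only models the reported behaviour because the page does not show the site's source.

```python
import html

MAX_NAME = 80        # assumed field limits, not taken from the site
MAX_MESSAGE = 2000


def render_entry_unsafe(name: str, message: str) -> str:
    """Models the reported behaviour: submitted text is concatenated into the page."""
    return f'<div class="entry"><b>{name}</b><p>{message}</p></div>'


def render_entry(name: str, message: str) -> str:
    """Hardened form: truncate, then HTML-encode both fields at output time."""
    safe_name = html.escape(name.strip()[:MAX_NAME], quote=True)
    safe_msg = html.escape(message.strip()[:MAX_MESSAGE], quote=True)
    # Line breaks are the only formatting re-introduced, and only after encoding.
    safe_msg = safe_msg.replace("\r\n", "\n").replace("\n", "<br>")
    return f'<div class="entry"><b>{safe_name}</b><p>{safe_msg}</p></div>'


def has_active_markup(rendered: str) -> bool:
    """Regression check: True if submitted tags survived into the rendered HTML."""
    lowered = rendered.lower()
    return "<script" in lowered or "<blink" in lowered


# Constructed test values modelled on the two fields named in the report.
NAME = "<script>alert('test')</script>"
MESSAGE = "<blink>hello</blink>\nsecond line"

if __name__ == "__main__":
    print(has_active_markup(render_entry_unsafe(NAME, MESSAGE)))
    print(has_active_markup(render_entry(NAME, MESSAGE)))
    print(render_entry(NAME, MESSAGE))
```

In Classic ASP, which the `guestbook.asp` URL suggests, the equivalent encoding call is `Server.HTMLEncode` applied to each field where it is written into the page.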