Selenium Web Server 1.0 - Cross-Site Scripting

Author: Greg Linares
type: remote
platform: windows
port: 
date_added: 2006-11-15  
date_updated: 2013-10-18  
verified: 1  
codes: CVE-2006-6124;OSVDB-30454  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 29045.txt  

source: https://www.securityfocus.com/bid/21100/info

Biba Selenium Web Server is prone to a cross-site scripting because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may lead to other attacks.

http://www.example.com/%3Cscript%3Ealert('CSS_Vulnerable')%3C/script%3E