[This was originally published on OSVDB, now gone, and touched up slightly for style. VulnDB 23958]
From: security curmudgeon
To: todd(at)geekforgod.net
Date: Sun, 19 Mar 2006 20:40:21 -0500 (EST)
Subject: PRB small security vulnerability

Hey Todd,

When submitting a new prayer request (addRequest.php), the Request field doesn’t sanitize user input. This allows for cross-site scripting (XSS) attacks. You can see a safe sample of it on the demo on geekforgod.net.

Jericho
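
The class of fix the report calls for, as an added example that is not part of the original mail and is not PRB's code: the submitted text is validated on input and HTML-encoded at the point it is written into a page. The function names, the `MAX_REQUEST_LEN` limit and the sample input are assumptions made for illustration.

```php
<?php
// Hypothetical sketch, not PRB's code: all names and limits are assumptions.

const MAX_REQUEST_LEN = 2000; // assumed upper bound for a request body

// Input side: reject malformed or oversized text, but store it as submitted.
// Encoding is deferred to output so the stored value stays reusable.
function validate_request(string $raw): string
{
    if (!mb_check_encoding($raw, 'UTF-8')) {
        throw new InvalidArgumentException('Request text is not valid UTF-8');
    }
    $text = trim($raw);
    if ($text === '' || mb_strlen($text, 'UTF-8') > MAX_REQUEST_LEN) {
        throw new InvalidArgumentException('Request text is empty or too long');
    }
    return $text;
}

// The reported pattern: user text is concatenated into the page as markup.
function render_request_unsafe(string $stored): string
{
    return '<div class="request">' . $stored . '</div>';
}

// Hardened: encode at output so the browser treats the text as data.
// ENT_QUOTES covers both quote styles in case the value lands in an attribute;
// ENT_SUBSTITUTE replaces invalid byte sequences instead of returning ''.
function render_request(string $stored): string
{
    $safe = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // nl2br runs after encoding, so the only tags emitted are our own <br>.
    return '<div class="request">' . nl2br($safe, false) . '</div>';
}

// Constructed sample submission, harmless marker script only.
$submitted = "Please pray for <b>my family</b>\n<script>alert(1)</script>";
$stored = validate_request($submitted);

echo render_request_unsafe($stored), "\n"; // markup reaches the browser intact
echo render_request($stored), "\n";        // same text, shown as literal characters
```

Encoding at output rather than stripping tags on input keeps the visitor's text intact and protects every page that later displays the stored value.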