[This was originally published on OSVDB, now gone. VulnDB ID 24255]
From: security curmudgeon
To: jflechtner[at]users.sourceforge.net
Date: Tue, 28 Mar 2006 11:25:02 -0500 (EST)
Subject: ARIA security issue
Hey Josh,
Not sure if you are still maintaining this project, but while playing with the demo I noticed a small security issue. The genmessage.php script doesn’t sanitize user input submitted to the Message Field (message variable), allowing for cross-site scripting (XSS) attacks. I didn’t test the other scripts, so this may occur in other scripts.
Thanks,
Brian