Kloxo HostInABox 575 - XSS



DESCRIPTION


Several XSS issues were discovered in Kloxo.



IMPACT


XSS. Yawn.

:7778/display.php?frm_action=<XSS>
:7778/display.php?frm_action=delete&frm_o_cname=<XSS>


Note: Kloxo did attempt to mitigate the threat of cookie theft by binding the user's IP address to their session.
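
A log check for the two parameters listed above, as an added example that is not part of the original advisory or of Kloxo itself. It flags requests to display.php where frm_action or frm_o_cname carries HTML metacharacters after repeated URL-decoding. The common-log-style line format, the sample lines, and the names suspicious_params and fully_decode are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters the advisory names as reflected into the page.
WATCHED_PARAMS = {"frm_action", "frm_o_cname"}
# Characters needed to break out of HTML text or attribute context;
# none of them belongs in an action name or object name.
MARKUP = re.compile(r"[<>\"'`]")
# Request field of a common-log-style line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation addresses, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /display.php?frm_action=delete&frm_o_cname=client1 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /display.php?frm_action=%3CXSS%3E HTTP/1.1" 200 498',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /display.php?frm_action=delete&frm_o_cname=%253CXSS%253E HTTP/1.1" 200 530',
]


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return the sorted watched parameter names whose value carries markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/display.php"):
        return []
    hits = set()
    # parse_qsl decodes once; fully_decode catches double-encoded values.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in WATCHED_PARAMS and MARKUP.search(fully_decode(value)):
            hits.add(name)
    return sorted(hits)


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(suspicious_params(line), line.split('"')[1])
```

The IP-bound session mentioned in the note does not affect this check: it looks at the request that delivers the markup, not at what happens to the cookie afterwards.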