BBS Board View

30 July 2009

Type: Non-persistent
Criteria: None

http://bbs.ijji.com/boardView.nhn?themeName=black&width=alert(String.fromCharCode(120,115,115))

The vulnerability lies entirely within the width parameter, which should accept only integer values of a restricted size (2-4 digits). The parameter is also passed directly into a JavaScript eval function, which was a dangerous decision.
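The check described above, as an added example that is not the site's own code: the width value is accepted only if it is 2-4 digits and is converted without eval. The names widthViaEval, parseWidth and DEFAULT_WIDTH, the fallback value and the bbs.example URLs are assumptions made for illustration.

```javascript
// Added example; all identifiers here are hypothetical, not taken from the site.
const DEFAULT_WIDTH = 800; // assumed fallback when the parameter is rejected

// The pattern the post describes: the raw parameter reaches eval().
// Shown for contrast only; nothing in this example calls it.
function widthViaEval(rawWidth) {
  return eval(rawWidth); // whatever expression arrives in ?width= runs as script
}

// Hardened form: allow-list 2-4 ASCII digits, then convert with parseInt.
function parseWidth(pageUrl) {
  const raw = new URL(pageUrl).searchParams.get("width");
  // Reject missing values, non-digits, and lengths outside 2-4.
  // In JavaScript, $ without the m flag matches only at the very end,
  // so a trailing newline (%0A) is rejected as well.
  if (raw === null || !/^[0-9]{2,4}$/.test(raw)) {
    return DEFAULT_WIDTH;
  }
  return Number.parseInt(raw, 10);
}

// The URL quoted in the post, followed by constructed test inputs.
const samples = [
  "http://bbs.ijji.com/boardView.nhn?themeName=black&width=alert(String.fromCharCode(120,115,115))",
  "http://bbs.example/boardView.nhn?themeName=black&width=640",
  "http://bbs.example/boardView.nhn?themeName=black&width=5",
  "http://bbs.example/boardView.nhn?themeName=black&width=12345",
  "http://bbs.example/boardView.nhn?themeName=black&width=640%0A",
  "http://bbs.example/boardView.nhn?themeName=black",
];

for (const url of samples) {
  console.log(parseWidth(url), "<-", url);
}
```

Only the second sample yields its own value; every other input falls back to the default instead of reaching script execution.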
