CVE-2004-0310 Information

Description

Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 allows remote attackers to execute Javascript as other users via the stylesheet which does not strip the semicolon or parentheses as demonstrated using a background:url.

Reference

http://marc.info/?l=bugtraq&m=107722627800820&w=2 http://www.securityfocus.com/bid/9700 https://exchange.xforce.ibmcloud.com/vulnerabilities/15268 livejournal-url-xss(15268) Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 allows remote attackers to execute Javascript as other users via the stylesheet which does not strip the semicolon or parentheses as demonstrated using a background:url.