Addressbook v8.1.24.1 Group Name XSS
Instructions.

After authentication, click on the Group tab at the top. Click on the New Group Button on the group page.

For the group name (the first field) enter the following XSS test string:

<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

Then call the XSS string from the URL -- technically one calls the group name -- through the group parameter as such:

http://[server]/index.php?group=%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E

I emailed the apparent author but did not receive a reply.

Ken
http://silverbackventuresllc.com