August 19th, 2009, 03:03 PM   #4
WB
Quote:
Originally Posted by Chuck S
Not really sure, there is no information on what they say the issue is.

I am not sure why they classify the date field as a cross-site security issue. This is not a field users in any way input data to.

On page two of the Secunia advisory, there's a link to the original advisory. That has some samples of using date to show the document cookie, hence the XSS designation.

One of their examples is:

http://www.techimo.com/reviews/showproduct.php?product=473&cat=24&date="><script>alert(document.cookie);</script>

which shows the cookie.
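The URL quoted in the post shows why a field with no input box is still user input: `date` arrives in the query string, and the leading `">` only works if the value is echoed inside a quoted HTML attribute. The sketch below is an added example, not part of the original post and not the product's code; the function names, the hidden-field markup and the assumption that a legitimate `date` is a Unix timestamp are all hypothetical.

```php
<?php
// Added illustration. Function names and markup are hypothetical.

// "Before": the query-string value is concatenated into the attribute as-is,
// so a value starting with "> closes the attribute and the tag.
function render_date_unsafe(string $date): string
{
    return '<input type="hidden" name="date" value="' . $date . '">';
}

// "After": validate against the expected type first, then escape for the
// HTML-attribute context as a second layer.
function render_date_safe(string $date): string
{
    // Assumption: a legitimate value is a Unix timestamp (digits only).
    if (!ctype_digit($date)) {
        $date = '';
    }
    return '<input type="hidden" name="date" value="'
        . htmlspecialchars($date, ENT_QUOTES, 'UTF-8') . '">';
}

// Constructed input: the query string of the URL quoted in the post.
$query = 'product=473&cat=24&date="><script>alert(document.cookie);</script>';
parse_str($query, $params);

// Unsafe rendering: the <script> element lands in the page as markup.
echo render_date_unsafe($params['date']), "\n";

// Safe rendering: the non-numeric value is rejected and the field is empty.
echo render_date_safe($params['date']), "\n";

// Escaping alone, for fields that must accept free text: the value stays
// inside the attribute as inert text (&quot;&gt;&lt;script&gt;...).
echo htmlspecialchars($params['date'], ENT_QUOTES, 'UTF-8'), "\n";

// A well-formed value (constructed) passes through unchanged.
echo render_date_safe('1250694180'), "\n";
```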