|
Description
|
|
Two vulnerabilities have been identified in ICQ Toolbar, which could be exploited by remote attackers to manipulte certain information or execute arbitrary scripting code.
The first issue is due to an error where the configuration web page "options2.html" is not validated before being loaded from a web site, which could be exploited by attackers to alter or modify non-critical configuration information by tricking a user into visiting a malicious website.
The second flaw is due to an error in the RSS module that does not validate the "title" and "description" fields, which could be exploited by malicious web sites to cause arbitrary HTML and scripting code to be executed in the security context of an affected application.
|
