VideoDB Unspecified HTML Injection Vulnerability
BID:12221
Info
VideoDB Unspecified HTML Injection Vulnerability
| Bugtraq ID: | 12221 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 11 2005 12:00AM |
| Updated: | Jan 11 2005 12:00AM |
| Credit: | This vulnerability was announced by the vendor. |
| Vulnerable: |
VideoDB VideoDB 2.0 .0 |
| Not Vulnerable: |
VideoDB VideoDB 2.0.2 |
Discussion
VideoDB Unspecified HTML Injection Vulnerability
VideoDB version 2.0.0 and earlier are reportedly affected by an unspecified HTML injection vulnerability. This is due to the application failing to properly sanitize user-supplied input prior to including it in dynamically generated content.
The attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user, other attacks are also possible.
VideoDB version 2.0.0 and earlier are reportedly affected by an unspecified HTML injection vulnerability. This is due to the application failing to properly sanitize user-supplied input prior to including it in dynamically generated content.
The attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user, other attacks are also possible.
Exploit / POC
VideoDB Unspecified HTML Injection Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
VideoDB Unspecified HTML Injection Vulnerability
Solution:
The vendor has addressed this issue in VideoDB 2.0.2.
VideoDB VideoDB 2.0 .0
Solution:
The vendor has addressed this issue in VideoDB 2.0.2.
VideoDB VideoDB 2.0 .0
-
VideoDB videodb-2_0_2.tgz
http://prdownloads.sourceforge.net/videodb/videodb-2_0_2.tgz?download