SafeHTML HTML Entity Bypass Vulnerability
BID:12288
Info
| Bugtraq ID: | 12288 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 17 2005 12:00AM |
| Updated: | Jan 17 2005 12:00AM |
| Credit: | This issue was discovered by Christian Stocker. |
| Vulnerable: | SafeHTML SafeHTML 1.2, SafeHTML SafeHTML 1.1 |
| Not Vulnerable: | SafeHTML SafeHTML 1.2.1 |
Discussion
It is reported that SafeHTML does not properly filter HTML entities. Failure to filter HTML content can result in the exploitation of various latent vulnerabilities in Web-based applications. A successful attack may facilitate HTML injection or cross-site scripting issues.
SafeHTML 1.2.0 and prior versions are affected by this issue.
Exploit / POC
An exploit is not required.
Solution / Fix
Solution:
The vendor has released SafeHTML 1.2.1 to address this issue.
SafeHTML SafeHTML 1.1
- SafeHTML safehtml-1.2.1.tar.gz
  http://freshmeat.net/redir/safehtml/50498/url_tgz/safehtml-1.2.1.tar.gz
SafeHTML SafeHTML 1.2
- SafeHTML safehtml-1.2.1.tar.gz
  http://freshmeat.net/redir/safehtml/50498/url_tgz/safehtml-1.2.1.tar.gz