ACS Blog Name Field HTML Injection Vulnerability
BID:12921
Info
| Bugtraq ID: | 12921 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-0945 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 28 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | Discovery is credited to Dan Crowley <[email protected]>. |
| Vulnerable: | ASP Press ACS Blog 1.1.2, ASP Press ACS Blog 1.1.1, ASP Press ACS Blog 1.1 b, ASP Press ACS Blog 1.1, ASP Press ACS Blog 1.0.3, ASP Press ACS Blog 1.0.2, ASP Press ACS Blog 1.0.1, ASP Press ACS Blog 1.0, ASP Press ACS Blog 0.9, ASP Press ACS Blog 0.8 |
| Not Vulnerable: | ASP Press ACS Blog 1.1.3 |
Discussion
ACS Blog is affected by an HTML injection vulnerability.
The issue affects the 'Name' field and may be exploited to execute arbitrary HTML and script code in a user's browser when that user views an affected Web page.
Exploit / POC
An exploit is not required to leverage this issue.
The following proof of concept is available:
Name: <script>alert("xss");</script>
Solution / Fix
Solution:
This issue has been addressed in ACS Blog 1.1.3.
ASP Press ACS Blog 0.8
- ASP Press ACS Blog 1.1.3: http://www.asppress.com/entry.asp?entry_id=243
ASP Press ACS Blog 0.9
- ASP Press ACS Blog 1.1.3: http://www.asppress.com/entry.asp?entry_id=243
ASP Press ACS Blog 1.0
- ASP Press ACS Blog 1.1.3: http://www.asppress.com/entry.asp?entry_id=243
ASP Press ACS Blog 1.0.1
- ASP Press ACS Blog 1.1.3: http://www.asppress.com/entry.asp?entry_id=243
ASP Press ACS Blog 1.0.2
- ASP Press ACS Blog 1.1.3: http://www.asppress.com/entry.asp?entry_id=243
ASP Press ACS Blog 1.0.3
- ASP Press ACS Blog 1.1.3: http://www.asppress.com/entry.asp?entry_id=243
ASP Press ACS Blog 1.1
- ASP Press ACS Blog 1.1.3: http://www.asppress.com/entry.asp?entry_id=243
ASP Press ACS Blog 1.1 b
- ASP Press ACS Blog 1.1.3: http://www.asppress.com/entry.asp?entry_id=243
ASP Press ACS Blog 1.1.1
- ASP Press ACS Blog 1.1.3: http://www.asppress.com/entry.asp?entry_id=243
ASP Press ACS Blog 1.1.2
- ASP Press ACS Blog 1.1.3: http://www.asppress.com/entry.asp?entry_id=243
References
References:
- ACS Blog Homepage (ASP Press)
- Security Update, Again... (ASP Press)