WebcamXP Chat Name HTML Code Injection Vulnerability
BID:13250
Info
| Bugtraq ID: | 13250 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 19 2005 12:00AM |
| Updated: | Apr 19 2005 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to Donnie Werner <[email protected]>. |
| Vulnerable: | Darkwet WebCam XP 1.7.80 |
| Not Vulnerable: | |
Discussion
A problem with the WebcamXP Chat page could allow remote users to execute arbitrary HTML code in the context of the web site running WebcamXP Chat. The problem occurs because user-supplied input is not sanitized.
As a result, a malicious user may have the ability to submit a post to the site containing embedded HTML code. This code would be executed by a user's browser in the context of the vulnerable site.
It should be noted that although this vulnerability has been reported to affect WebcamXP version 1.07.80, previous versions might also be affected.
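The flaw class described above, shown as an added example (not WebcamXP's code and not part of the original advisory): a chat line built by concatenating the submitted name as-is, beside a version that validates the name on input and HTML-encodes it on output. The function names, the chat-line markup, the name policy and the sample name are assumptions constructed for illustration.

```javascript
// Added example. Nothing here is taken from WebcamXP; the markup of the
// chat line and the name policy are assumptions.

// Characters that change meaning in HTML text or quoted-attribute context.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Output encoding: applied every time user data is written into the page.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation (hypothetical policy): 1-24 letters, digits, space,
// underscore, dot or hyphen. Anything else is rejected at submission.
const NAME_POLICY = /^[A-Za-z0-9 _.-]{1,24}$/;

function isAcceptableName(name) {
  return typeof name === "string" && NAME_POLICY.test(name);
}

// The behaviour the advisory describes: the name reaches the page as
// markup, so every viewer's browser interprets it.
function renderChatLineUnsafe(name, message) {
  return '<div class="chat"><b>' + name + ":</b> " + message + "</div>";
}

// Hardened rendering: name and message are always encoded, even if the
// stored value predates the validation rule.
function renderChatLine(name, message) {
  return '<div class="chat"><b>' + escapeHtml(name) + ":</b> " +
    escapeHtml(message) + "</div>";
}

// Constructed sample input: a chat name carrying benign markup.
const sampleName = "<b>Operator</b>";
console.log(isAcceptableName(sampleName));          // rejected on input
console.log(renderChatLineUnsafe(sampleName, "hi")); // markup survives
console.log(renderChatLine(sampleName, "hi"));       // shown as literal text
```

Validation alone is not sufficient because names stored before the rule existed still reach the page, which is why the renderer encodes unconditionally.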
Exploit / POC
There is no exploit required.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].