BID:13254

JAWS Glossary HTML Injection Vulnerability

Info

JAWS Glossary HTML Injection Vulnerability

Bugtraq ID:	13254
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 19 2005 12:00AM
Updated:	Apr 19 2005 12:00AM
Credit:	Discovered by Paulino Calderon.
Vulnerable:	JAWS JAWS 0.5 beta2 JAWS JAWS 0.4 JAWS JAWS 0.3

Not Vulnerable:

Discussion

JAWS Glossary HTML Injection Vulnerability

JAWS is prone to an HTML injection vulnerability in the Glossary module. The module fails to sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Exploit / POC

JAWS Glossary HTML Injection Vulnerability

An exploit is not required.

Solution / Fix

JAWS Glossary HTML Injection Vulnerability

Solution:
A fix to address this issue is available in the svn repository version.

References

JAWS Glossary HTML Injection Vulnerability

References:

JAWS Homepage (JAWS)