PHProjekt Chatroom Text Submission HTML Injection Vulnerability

Bugtraq ID:	13286
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 20 2005 12:00AM
Updated:	Apr 20 2005 12:00AM
Credit:	Discovery credited to Secure Science Corporation.
Vulnerable:	PHProjekt PHProjekt 4.2 PHProjekt PHProjekt 3.2 a PHProjekt PHProjekt 3.2 - Apache Apache 1.3.24 - Apache Apache 1.3.24 - Apache Apache 1.3.23 - Apache Apache 1.3.23 - Apache Apache 1.3.22 - Apache Apache 1.3.22 - Apache Apache 1.3.20 - Apache Apache 1.3.20 - Apache Apache 1.3.19 - Apache Apache 1.3.19 PHProjekt PHProjekt 3.1 a PHProjekt PHProjekt 3.1 PHProjekt PHProjekt 3.0 - Apache Apache 1.3.24 - Apache Apache 1.3.24 - Apache Apache 1.3.23 - Apache Apache 1.3.23 - Apache Apache 1.3.22 - Apache Apache 1.3.22 - Apache Apache 1.3.20 - Apache Apache 1.3.20 - Apache Apache 1.3.19 - Apache Apache 1.3.19 PHProjekt PHProjekt 2.4 a - Debian Linux 2.2 - FreeBSD FreeBSD 4.2 - FreeBSD FreeBSD 3.5.1 - HP HP-UX 11.11 - HP HP-UX 11.0 - HP HP-UX 10.20 - Mandriva Linux Mandrake 8.0 - Mandriva Linux Mandrake 7.2 - Mandriva Linux Mandrake 7.1 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 - OpenBSD OpenBSD 2.9 - OpenBSD OpenBSD 2.8 - OpenBSD OpenBSD 2.7 - Redhat Linux 7.1 - Redhat Linux 7.0 - Redhat Linux 6.2 - Sun Solaris 8_sparc - Sun Solaris 7.0 - Sun Solaris 2.6 - SuSE Linux 7.1 - SuSE Linux 7.0 PHProjekt PHProjekt 2.4 - Debian Linux 2.2 - FreeBSD FreeBSD 4.2 - FreeBSD FreeBSD 3.5.1 - HP HP-UX 11.11 - HP HP-UX 11.0 - HP HP-UX 10.20 - Mandriva Linux Mandrake 8.0 - Mandriva Linux Mandrake 7.2 - Mandriva Linux Mandrake 7.1 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 - OpenBSD OpenBSD 2.9 - OpenBSD OpenBSD 2.8 - OpenBSD OpenBSD 2.7 - Redhat Linux 7.1 - Redhat Linux 7.0 - Redhat Linux 6.2 - Sun Solaris 8_sparc - Sun Solaris 7.0 - Sun Solaris 2.6 - SuSE Linux 7.1 - SuSE Linux 7.0 PHProjekt PHProjekt 2.3 - Debian Linux 2.2 - FreeBSD FreeBSD 4.2 - FreeBSD FreeBSD 3.5.1 - HP HP-UX 11.11 - HP HP-UX 11.0 - HP HP-UX 10.20 - Mandriva Linux Mandrake 8.0 - Mandriva Linux Mandrake 7.2 - Mandriva Linux Mandrake 7.1 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 - OpenBSD OpenBSD 2.9 - OpenBSD OpenBSD 2.8 - OpenBSD OpenBSD 2.7 - Redhat Linux 7.1 - Redhat Linux 7.0 - Redhat Linux 6.2 - Sun Solaris 8_sparc - Sun Solaris 7.0 - Sun Solaris 2.6 - SuSE Linux 7.1 - SuSE Linux 7.0 PHProjekt PHProjekt 2.2 - Debian Linux 2.2 - FreeBSD FreeBSD 4.2 - FreeBSD FreeBSD 3.5.1 - HP HP-UX 11.11 - HP HP-UX 11.0 - HP HP-UX 10.20 - Mandriva Linux Mandrake 8.0 - Mandriva Linux Mandrake 7.2 - Mandriva Linux Mandrake 7.1 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 - OpenBSD OpenBSD 2.9 - OpenBSD OpenBSD 2.8 - OpenBSD OpenBSD 2.7 - Redhat Linux 7.1 - Redhat Linux 7.0 - Redhat Linux 6.2 - Sun Solaris 8_sparc - Sun Solaris 7.0 - Sun Solaris 2.6 - SuSE Linux 7.1 - SuSE Linux 7.0 PHProjekt PHProjekt 2.1 a - Debian Linux 2.2 - FreeBSD FreeBSD 4.2 - FreeBSD FreeBSD 3.5.1 - HP HP-UX 11.11 - HP HP-UX 11.0 - HP HP-UX 10.20 - Mandriva Linux Mandrake 8.0 - Mandriva Linux Mandrake 7.2 - Mandriva Linux Mandrake 7.1 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 - OpenBSD OpenBSD 2.9 - OpenBSD OpenBSD 2.8 - OpenBSD OpenBSD 2.7 - Redhat Linux 7.1 - Redhat Linux 7.0 - Redhat Linux 6.2 - Sun Solaris 8_sparc - Sun Solaris 7.0 - Sun Solaris 2.6 - SuSE Linux 7.1 - SuSE Linux 7.0 PHProjekt PHProjekt 2.1 - Debian Linux 2.2 - FreeBSD FreeBSD 4.2 - FreeBSD FreeBSD 3.5.1 - HP HP-UX 11.11 - HP HP-UX 11.0 - HP HP-UX 10.20 - Mandriva Linux Mandrake 8.0 - Mandriva Linux Mandrake 7.2 - Mandriva Linux Mandrake 7.1 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 - OpenBSD OpenBSD 2.9 - OpenBSD OpenBSD 2.8 - OpenBSD OpenBSD 2.7 - Redhat Linux 7.1 - Redhat Linux 7.0 - Redhat Linux 6.2 - Sun Solaris 8_sparc - Sun Solaris 7.0 - Sun Solaris 2.6 - SuSE Linux 7.1 - SuSE Linux 7.0 PHProjekt PHProjekt 2.0.1 - Debian Linux 2.2 - FreeBSD FreeBSD 4.2 - FreeBSD FreeBSD 3.5.1 - HP HP-UX 11.11 - HP HP-UX 11.0 - HP HP-UX 10.20 - Mandriva Linux Mandrake 8.0 - Mandriva Linux Mandrake 7.2 - Mandriva Linux Mandrake 7.1 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 - OpenBSD OpenBSD 2.9 - OpenBSD OpenBSD 2.8 - OpenBSD OpenBSD 2.7 - Redhat Linux 7.1 - Redhat Linux 7.0 - Redhat Linux 6.2 - Sun Solaris 8_sparc - Sun Solaris 7.0 - Sun Solaris 2.6 - SuSE Linux 7.1 - SuSE Linux 7.0 PHProjekt PHProjekt 2.0 - Debian Linux 2.2 - FreeBSD FreeBSD 4.2 - FreeBSD FreeBSD 3.5.1 - HP HP-UX 11.11 - HP HP-UX 11.0 - HP HP-UX 10.20 - Mandriva Linux Mandrake 8.0 - Mandriva Linux Mandrake 7.2 - Mandriva Linux Mandrake 7.1 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 - OpenBSD OpenBSD 2.9 - OpenBSD OpenBSD 2.8 - OpenBSD OpenBSD 2.7 - Redhat Linux 7.1 - Redhat Linux 7.0 - Redhat Linux 6.2 - Sun Solaris 8_sparc - Sun Solaris 7.0 - Sun Solaris 2.6 - SuSE Linux 7.1 - SuSE Linux 7.0
Not Vulnerable:

PHProjekt Chatroom Text Submission HTML Injection Vulnerability

PHProjekt is prone to an HTML injection vulnerability in the Chatroom text submission form. The application fails to sanitize user-supplied input that is in turn displayed to all users of the chatroom.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

PHProjekt Chatroom Text Submission HTML Injection Vulnerability

An exploit is not required.

PHProjekt Chatroom Text Submission HTML Injection Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

PHProjekt Chatroom Text Submission HTML Injection Vulnerability

References:

• PHProjekt Homepage (PHProjekt Team)
  
• Secure Science Corporation Application Software Advisory 055 (SSC Advisory Notice )