Subject Search Server Search For Variable HTML Injection Vulnerability
BID:13574
Info
Subject Search Server Search For Variable HTML Injection Vulnerability
| Bugtraq ID: | 13574 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 10 2005 12:00AM |
| Updated: | May 10 2005 12:00AM |
| Credit: | Discovery is credited to Dr_insane. |
| Vulnerable: |
Kryloff Technologies Subject Search Server 1.1 |
| Not Vulnerable: | |
Discussion
Subject Search Server Search For Variable HTML Injection Vulnerability
Subject Search Server is prone to an HTML injection vulnerability.
The source of this issue is that HTML and script code is not properly sanitized from user-supplied input before being output in a dynamically generated Web page. The malicious input may then be rendered in the browser of the user who visits the page containing the input.
Subject Search Server is prone to an HTML injection vulnerability.
The source of this issue is that HTML and script code is not properly sanitized from user-supplied input before being output in a dynamically generated Web page. The malicious input may then be rendered in the browser of the user who visits the page containing the input.
Exploit / POC
Subject Search Server Search For Variable HTML Injection Vulnerability
There is no exploit required.
There is no exploit required.
Solution / Fix
Subject Search Server Search For Variable HTML Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Subject Search Server Search For Variable HTML Injection Vulnerability
References:
References:
- Subject Search Server Homepage (Kryloff Technologies)