Evo-Dev evoBlog Comment Post HTML Injection Vulnerability
BID:16983
Info
Evo-Dev evoBlog Comment Post HTML Injection Vulnerability
| Bugtraq ID: | 16983 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 06 2006 12:00AM |
| Updated: | Apr 24 2006 08:36PM |
| Credit: | Discovered by [email protected]. |
| Vulnerable: |
Evo-Dev evoBlog 0 |
| Not Vulnerable: | |
Discussion
Evo-Dev evoBlog Comment Post HTML Injection Vulnerability
Evo-Dev's evoBlog is prone to an HTML-injection vulnerability.
Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing for the theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
Evo-Dev's evoBlog is prone to an HTML-injection vulnerability.
Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing for the theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
Exploit / POC
Evo-Dev evoBlog Comment Post HTML Injection Vulnerability
Attackers may exploit this issue with a web browser.
Attackers may exploit this issue with a web browser.
Solution / Fix
Evo-Dev evoBlog Comment Post HTML Injection Vulnerability
Solution:
The vendor has addressed this issue. Contact the vendor for details on obtaining the fixed version of the application.
Solution:
The vendor has addressed this issue. Contact the vendor for details on obtaining the fixed version of the application.
References
Evo-Dev evoBlog Comment Post HTML Injection Vulnerability
References:
References: