Webcheck Username HTML Injection Vulnerability
BID:17212
Info
| Bugtraq ID: | 17212 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-1321 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 23 2006 12:00AM |
| Updated: | Mar 24 2006 11:09PM |
| Credit: | Reported by the vendor. |
| Vulnerable: | Webcheck Webcheck 1.9.5 |
| Not Vulnerable: | Webcheck Webcheck 1.9.6 |
Discussion
Webcheck is affected by an HTML-injection vulnerability. The application may collect data from possibly malicious websites and may generate reports containing this data.
An administrative user who views the vulnerable sections of the site would have the attacker-supplied HTML and script code executed in the context of the administrative user's browser application.
Webcheck versions prior to 1.9.6 are vulnerable.
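The flaw class described above, shown as an added example that is not Webcheck's own code: a report generator that pastes crawled strings into HTML verbatim, next to a version that escapes at output time and allow-lists link schemes. The record fields (`url`, `title`, `author`), the function names and the sample data are hypothetical and constructed for illustration.

```python
import html
from urllib.parse import urlsplit

# Constructed sample of crawled link data. Every field comes from a remote
# site, so all of it must be treated as untrusted when the report is built.
CRAWLED = [
    {"url": "http://example.org/", "title": "Home", "author": "alice"},
    {"url": "http://example.org/x", "title": "<script>alert(1)</script>",
     "author": '"><img src=x onerror=alert(1)>'},
    {"url": "javascript:alert(1)", "title": "click", "author": "bob"},
]

# Hypothetical allow-list of schemes that may become clickable links.
SAFE_SCHEMES = {"http", "https", "ftp"}


def render_row_unsafe(link):
    """Vulnerable pattern: crawled strings are pasted into markup verbatim."""
    return '<tr><td><a href="%s">%s</a></td><td>%s</td></tr>' % (
        link["url"], link["title"], link["author"])


def render_row_safe(link):
    """Hardened pattern: escape at output time and allow-list link schemes."""
    url = link["url"]
    title = html.escape(link["title"], quote=True)
    author = html.escape(link["author"], quote=True)
    if urlsplit(url).scheme.lower() in SAFE_SCHEMES:
        cell = '<a href="%s">%s</a>' % (html.escape(url, quote=True), title)
    else:
        # Unknown or script-capable scheme: show the URL as inert text.
        cell = "%s (%s)" % (title, html.escape(url, quote=True))
    return "<tr><td>%s</td><td>%s</td></tr>" % (cell, author)


def render_report(links, row=render_row_safe):
    """Build the report table using the given row renderer."""
    rows = "\n".join(row(link) for link in links)
    return "<table>\n%s\n</table>" % rows


if __name__ == "__main__":
    print(render_report(CRAWLED))
```
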
Exploit / POC
This issue can be exploited with a web browser.
Solution / Fix
Solution:
Version 1.9.6 has been released to address this issue.
Webcheck Webcheck 1.9.5
- Webcheck webcheck-1.9.6.tar.gz
  http://ch.tudelft.nl/~arthur/webcheck/webcheck-1.9.6.tar.gz
References
References:
- 2006-01-30 release 1.9.6 of webcheck (security update) (Webcheck)
- Webcheck Web Site (Webcheck)