Neuron Blog Multiple HTML Injection Vulnerabilities
BID:17552
Info
| Bugtraq ID: | 17552 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 17 2006 12:00AM |
| Updated: | Apr 19 2006 10:26PM |
| Credit: | Qex is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Neuron Blog Neuron Blog 1.1 |
| Not Vulnerable: | |
Discussion
Neuron Blog is prone to multiple HTML-injection vulnerabilities; the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Neuron Blog 1.1 and prior are vulnerable.
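The advisory describes the general pattern (user-supplied input placed into dynamically generated HTML without sanitization) rather than the affected code itself. The following is an added illustration, not Neuron Blog's code: a rendering function that shows the vulnerable pattern, the same function with HTML entity encoding applied, and a small check that tells a reviewer whether markup from a user field reached the page verbatim. The comment text and page template are constructed sample data; the function names are assumptions for this example.

```python
import html
import re

# Constructed sample comment (not taken from the advisory). A blog must render
# this as text; if it reaches the page unchanged, the browser executes it.
SAMPLE_COMMENT = 'Nice post <b>really</b> <script>alert(1)</script>'

# Constructed page template; {body} is an HTML element-content context.
PAGE_TEMPLATE = '<html><body><div class="comment">{body}</div></body></html>'


def render_unsafe(comment: str) -> str:
    """The pattern the advisory describes: user input interpolated into
    generated HTML with no sanitization. Shown only for comparison."""
    return PAGE_TEMPLATE.format(body=comment)


def render_hardened(comment: str) -> str:
    """Fix for element-content context: entity-encode the characters that
    are significant to the HTML parser (& < > " ') so the input is treated
    as text. Attribute, URL and JavaScript contexts need their own encoders;
    html.escape alone is not sufficient there."""
    return PAGE_TEMPLATE.format(body=html.escape(comment, quote=True))


# Matches an opening or closing HTML tag.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")


def injected_tags(rendered: str, user_input: str) -> list[str]:
    """Defender-side check: return every tag present in the user input that
    also appears verbatim in the rendered page, i.e. output encoding was
    skipped on that path. An empty list means the markup was neutralised."""
    return [tag for tag in TAG_RE.findall(user_input) if tag in rendered]


if __name__ == "__main__":
    for name, renderer in (("unsafe", render_unsafe), ("hardened", render_hardened)):
        page = renderer(SAMPLE_COMMENT)
        print(f"[{name}] leaked tags: {injected_tags(page, SAMPLE_COMMENT)}")
        print(page)
```

Run the script to see the two renderings side by side: the unsafe path leaves `<b>` and `<script>` intact, while the hardened path emits `&lt;b&gt;` and `&lt;script&gt;`, so the browser displays the comment literally. The same `injected_tags` check can be pointed at any response body captured during a review of the application's own output.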
Exploit / POC
This issue can be exploited via a web client.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]