Thyme Search Page HTML Injection Vulnerability
BID:17746
Info
Thyme Search Page HTML Injection Vulnerability
| Bugtraq ID: | 17746 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 29 2006 12:00AM |
| Updated: | Sep 11 2006 10:52PM |
| Credit: | O.U.T.L.A.W is credited with the discovery of this vulnerability. |
| Vulnerable: |
Extrosoft Thyme 1.3 |
| Not Vulnerable: | |
Discussion
Thyme Search Page HTML Injection Vulnerability
Thyme is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Thyme is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Exploit / POC
Thyme Search Page HTML Injection Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Thyme Search Page HTML Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Unconfirmed reports suggest that the vendor has addressed this issue. Users are advised to contact the vendor for more information.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Unconfirmed reports suggest that the vendor has addressed this issue. Users are advised to contact the vendor for more information.
References
Thyme Search Page HTML Injection Vulnerability
References:
References:
- Thyme Web Site (Extrosoft)
- Thyme 1.3 Cross Site Scripting ([email protected])