YourFreeWorld Stylish Text Ads Script Multiple HTML Injection Vulnerabilities

Bugtraq ID:	18044
Class:	Input Validation Error
CVE:	CVE-2006-2508
Remote:	Yes
Local:	No
Published:	May 19 2006 12:00AM
Updated:	Apr 29 2008 07:26PM
Credit:	luny is credited with the discovery of these vulnerabilities.
Vulnerable:	YourFreeWorld Stylish Text Ads Script 0
Not Vulnerable:

YourFreeWorld Stylish Text Ads Script Multiple HTML Injection Vulnerabilities

Stylish Text Ads Script is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

YourFreeWorld Stylish Text Ads Script Multiple HTML Injection Vulnerabilities

These issues can be exploited through a web client.

YourFreeWorld Stylish Text Ads Script Multiple HTML Injection Vulnerabilities

Solution:
The vendor has released an update. Please contact the vendor for information on how to obtain and apply this update.

YourFreeWorld Stylish Text Ads Script Multiple HTML Injection Vulnerabilities

References:

• Stylish Text Ads Script Page (YourFreeWorld)
  
• Re: Yourfreeworld Styleish Text Ads Script ([email protected])
  
• Yourfreeworld Styleish Text Ads Script (luny)