DGbook HTML Injection Vulnerabilities
BID:18310
CVE-2006-2572 |Info
DGbook HTML Injection Vulnerabilities
| Bugtraq ID: | 18310 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 23 2006 12:00AM |
| Updated: | Jun 12 2006 06:31PM |
| Credit: | Luny is credited with discovering this vulnerability. |
| Vulnerable: |
Dian Gemilang DGbook 1.0 |
| Not Vulnerable: | |
Discussion
DGbook HTML Injection Vulnerabilities
DGbook is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied input to the Name, Homepage, and Address fields.
An attacker could exploit this vulnerability to inject hostile HTML and script code into the browser session of other users of the application.
DGbook is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied input to the Name, Homepage, and Address fields.
An attacker could exploit this vulnerability to inject hostile HTML and script code into the browser session of other users of the application.
Exploit / POC
DGbook HTML Injection Vulnerabilities
This issue can be exploited with a web browser.
This issue can be exploited with a web browser.
Solution / Fix
DGbook HTML Injection Vulnerabilities
Solution:
Vendor reportedly will address the issues in the next release of the software.
Solution:
Vendor reportedly will address the issues in the next release of the software.
References
DGbook HTML Injection Vulnerabilities
References:
References:
- DGbook (Dian Gemilang)
- DGbook (Dian Gemilang Group)
- DGbook ([email protected])