CMS Mundo HTML Injection Vulnerability
BID:18316
CVE-2006-2684 |Info
CMS Mundo HTML Injection Vulnerability
| Bugtraq ID: | 18316 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 25 2006 12:00AM |
| Updated: | Jun 07 2006 09:52PM |
| Credit: | Luny is credited with discovering this vulnerability. |
| Vulnerable: |
hotwebscripts CMS Mundo 1.0 |
| Not Vulnerable: | |
Discussion
CMS Mundo HTML Injection Vulnerability
CMS Mundo is prone to an HTML-injection vulnerability because it fails to properly sanitize HTML and script code from user-supplied input to the search form input box.
An attacker could exploit this vulnerability to inject hostile HTML and script code into the browser session of other users of the application.
CMS Mundo is prone to an HTML-injection vulnerability because it fails to properly sanitize HTML and script code from user-supplied input to the search form input box.
An attacker could exploit this vulnerability to inject hostile HTML and script code into the browser session of other users of the application.
Exploit / POC
CMS Mundo HTML Injection Vulnerability
This issue can be exploited with a web browser.
This issue can be exploited with a web browser.
Solution / Fix
CMS Mundo HTML Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]