MyShoutbox Unspecified HTML Injection Vulnerability
BID:22132
Info
MyShoutbox Unspecified HTML Injection Vulnerability
| Bugtraq ID: | 22132 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 19 2007 12:00AM |
| Updated: | Jan 25 2007 04:13PM |
| Credit: | DoZ is credited with the discovery of this vulnerability. |
| Vulnerable: |
MyShoutBox MyShoutBox 0 |
| Not Vulnerable: | |
Discussion
MyShoutbox Unspecified HTML Injection Vulnerability
MyShoutbox is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.
Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.
MyShoutbox is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.
Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.
Exploit / POC
MyShoutbox Unspecified HTML Injection Vulnerability
Attackers can exploit this issue via a web client.
Attackers can exploit this issue via a web client.
Solution / Fix
MyShoutbox Unspecified HTML Injection Vulnerability
Solution:
Currently we are not aware of any fixes for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any fixes for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
MyShoutbox Unspecified HTML Injection Vulnerability
References:
References: