TamperData Firefox Plugin HTML Injection Vulnerability
BID:30394
Info
TamperData Firefox Plugin HTML Injection Vulnerability
| Bugtraq ID: | 30394 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 27 2008 12:00AM |
| Updated: | Jul 28 2008 08:07PM |
| Credit: | Roee Hay |
| Vulnerable: |
TamperData TamperData 10.0.4 |
| Not Vulnerable: |
TamperData TamperData 10.1 |
Discussion
TamperData Firefox Plugin HTML Injection Vulnerability
TamperData is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal potentially sensitive information or to control how the site is rendered to the user. Other attacks are also possible.
TamperData 10.0.4 is vulnerable; other versions may also be affected.
TamperData is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal potentially sensitive information or to control how the site is rendered to the user. Other attacks are also possible.
TamperData 10.0.4 is vulnerable; other versions may also be affected.
Exploit / POC
TamperData Firefox Plugin HTML Injection Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
TamperData Firefox Plugin HTML Injection Vulnerability
Solution:
The vendor has released updates. Please see the references for more information.
Solution:
The vendor has released updates. Please see the references for more information.