WB News '/base/Comments.php' HTML Injection Vulnerability
BID:39626
Info
WB News '/base/Comments.php' HTML Injection Vulnerability
| Bugtraq ID: | 39626 |
| Class: | Input Validation Error |
| CVE: |
CVE-2010-1712 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 21 2010 12:00AM |
| Updated: | Apr 13 2015 09:02PM |
| Credit: | ITSecTeam |
| Vulnerable: |
WebMobo WB News 2.3.3 |
| Not Vulnerable: | |
Discussion
WB News '/base/Comments.php' HTML Injection Vulnerability
WB News is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
WB News 2.3.3 is vulnerable; other versions may also be affected.
WB News is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
WB News 2.3.3 is vulnerable; other versions may also be affected.
Exploit / POC
WB News '/base/Comments.php' HTML Injection Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
WB News '/base/Comments.php' HTML Injection Vulnerability
Solution:
Currently we are not aware of any vendor supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].