BID:51162

Government Site Builder 'videos.html' HTML Injection Vulnerability

Info

Government Site Builder 'videos.html' HTML Injection Vulnerability

Bugtraq ID:	51162
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 21 2011 12:00AM
Updated:	Dec 21 2011 12:00AM
Credit:	Alexander Fuchs
Vulnerable:	Government Site Builder Government Site Builder 4.1

Not Vulnerable:

Discussion

Government Site Builder 'videos.html' HTML Injection Vulnerability

Government Site Builder is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible.

Exploit / POC

Government Site Builder 'videos.html' HTML Injection Vulnerability

Attackers can use a browser to exploit this issue.

Solution / Fix

Government Site Builder 'videos.html' HTML Injection Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Government Site Builder 'videos.html' HTML Injection Vulnerability

References:

Government Site Builder Cross Site Scripting Vulnerability (Vulnerability Research Laboratory)
Government Site Builder Homepage (Government Site Builder)