Winn Guestbook 'name' Parameter HTML Injection Vulnerability
BID:51232
Info
| Bugtraq ID: | 51232 |
| Class: | Input Validation Error |
| CVE: | CVE-2011-5026 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 02 2012 12:00AM |
| Updated: | Jan 02 2012 12:00AM |
| Credit: | G13 |
| Vulnerable: | Winn Guestbook 2.4.8c |
| Not Vulnerable: | Winn Guestbook 2.4.8d |
Discussion
Winn Guestbook is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
Winn Guestbook 2.4.8c is vulnerable; other versions may also be affected.
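The defence against this class of bug, as an added example that is not Winn Guestbook's own code: encode the 'name' field when rendering, and audit entries already in storage. The entry layout, field names and sample data are constructed for illustration and do not reflect the application's schema.

```python
import html
import re

# Constructed sample entries; field names are assumptions, not the real schema.
SAMPLE_ENTRIES = [
    {"id": 1, "name": "Alice", "message": "Nice site!"},
    {"id": 2, "name": "<script>alert(1)</script>", "message": "hi"},
    {"id": 3, "name": 'Bob" onmouseover="x', "message": "hello"},
    {"id": 4, "name": "Tom & Jerry", "message": "2 < 3"},
]

# Characters that let a value break out of HTML text or a quoted attribute.
MARKUP_CHARS = re.compile(r"[<>\"'`]")


def render_entry(entry):
    """Render one entry, encoding every user-supplied field at output time."""
    name = html.escape(entry["name"], quote=True)
    message = html.escape(entry["message"], quote=True)
    return (
        f'<div class="entry"><span class="name" title="{name}">{name}</span>'
        f"<p>{message}</p></div>"
    )


def audit_names(entries):
    """Return ids of stored entries whose name contains markup characters.

    An upgrade may only filter new submissions, so entries that were
    already stored are worth reviewing separately.
    """
    return [e["id"] for e in entries if MARKUP_CHARS.search(e["name"])]


if __name__ == "__main__":
    for e in SAMPLE_ENTRIES:
        print(render_entry(e))
    print("entries to review:", audit_names(SAMPLE_ENTRIES))
```

Encoding at output keeps the stored value intact while making it inert in both element and attribute context; the audit lists which existing rows to inspect by hand.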
Solution / Fix
Solution:
Updates are available; please see the references for more information.