Seditio 'forums.php' Multiple HTML Injection Vulnerabilities
BID:52802
Info
| Field | Value |
| --- | --- |
| Bugtraq ID: | 52802 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-5914 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2012 12:00AM |
| Updated: | Jan 11 2013 01:00PM |
| Credit: | Akastep |
| Vulnerable: | Neocrome Seditio 161 |
| Not Vulnerable: | |
Discussion
Seditio is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input.
Successful exploits will result in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials or control how the page is rendered to the user. Other attacks are also possible.
Seditio 161 is vulnerable; others may also be affected.
Exploit / POC
Attackers can use readily available tools to exploit these issues.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- Seditio Homepage (Neocrome)