PHP Kobo Multifunctional MailForm Free Cross Site Scripting Vulnerability
BID:68907
Info
| Bugtraq ID: | 68907 |
| Class: | Input Validation Error |
| CVE: | CVE-2014-3894 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 16 2014 12:00AM |
| Updated: | Jul 16 2014 12:00AM |
| Credit: | Vendor reported this issue. |
| Vulnerable: | PHP Kobo Multifunctional MailForm Free 0 |
| Not Vulnerable: | |
Discussion
PHP Kobo Multifunctional MailForm Free is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Exploit / POC
Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
References
- PHP Kobo homepage (PHP kobo)
- Multifunctional MailForm Free vulnerable to cross-site scripting (JPCERT)