ZeroCMS CVE-2014-4710 Multiple HTML Injection Vulnerabilities
BID:68935
Info
| Bugtraq ID: | 68935 |
| Class: | Input Validation Error |
| CVE: | CVE-2014-4710 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 25 2014 12:00AM |
| Updated: | Jul 25 2014 12:00AM |
| Credit: | Mayuresh Dani |
| Vulnerable: | Another Awesome Stuff ZeroCMS 1.0 |
| Not Vulnerable: | |
Discussion
ZeroCMS is prone to multiple HTML-injection vulnerabilities because it fails to sanitize user-supplied input.
Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible.
ZeroCMS 1.0 is vulnerable; other versions may also be affected.
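An added illustration, not ZeroCMS code and not part of the advisory: a regression check that a page template encodes user-supplied fields on output, together with a session cookie marked HttpOnly so that page script cannot read it. The template, field names and probe values are constructed for the example.

```python
import html
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Hypothetical template with one field in text context and one in an attribute.
TEMPLATE = '<article><h2>{title}</h2><p title="{title}">{body}</p></article>'
# Constructed probe values: harmless markup that must come out as plain text.
PROBES = {"title": 'T" data-probe="1', "body": '<i data-probe="2">B</i>'}

def render_unsafe(fields):
    """The flaw class in the advisory: input is placed in the page as-is."""
    return TEMPLATE.format(**fields)

def render_safe(fields):
    """Encode every field on output, including quotes for attribute context."""
    return TEMPLATE.format(**{k: html.escape(v, quote=True) for k, v in fields.items()})

class Structure(HTMLParser):
    """Records each start tag together with its attribute names."""
    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        self.seen.append((tag, tuple(name for name, _ in attrs)))

def structure(markup):
    parser = Structure()
    parser.feed(markup)
    parser.close()
    return parser.seen

def injects_markup(render):
    """True if probe input changes the page's tag/attribute structure."""
    baseline = structure(render({k: "x" for k in PROBES}))
    return structure(render(PROBES)) != baseline

def session_cookie(value):
    """Build a session cookie header value that page script cannot read."""
    cookie = SimpleCookie()
    cookie["session"] = value
    cookie["session"].update({"httponly": True, "secure": True, "samesite": "Lax", "path": "/"})
    return cookie["session"].OutputString()

if __name__ == "__main__":
    print("unsafe render injects markup:", injects_markup(render_unsafe))
    print("safe render injects markup:  ", injects_markup(render_safe))
    print("Set-Cookie:", session_cookie("constructed-session-id"))
```

Comparing parsed structure rather than searching for a fixed string catches both new elements and new attributes, which is why the title probe breaks out of an attribute value instead of adding a tag.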