CPAN WWW::Form HTML Injection Vulnerability
BID:9526
Info
CPAN WWW::Form HTML Injection Vulnerability
| Bugtraq ID: | 9526 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 29 2004 12:00AM |
| Updated: | Jan 29 2004 12:00AM |
| Credit: | The disclosure of this issue has been credited to Shlomi Fish <[email protected]>. |
| Vulnerable: |
CPAN WWW::Form 1.12 |
| Not Vulnerable: |
CPAN WWW::Form 1.13 |
Discussion
CPAN WWW::Form HTML Injection Vulnerability
It has been reported that CPAN WWW::Form may be prone to a HTML injection vulnerability that may allow a remote attacker to execute HTML and script code in a user's browser. The problem is reported to exist due to improper sanitizing of user-supplied data.
CPAN WWW::Form versions 1.12 and prior have been reported to be vulnerable to this issue.
It has been reported that CPAN WWW::Form may be prone to a HTML injection vulnerability that may allow a remote attacker to execute HTML and script code in a user's browser. The problem is reported to exist due to improper sanitizing of user-supplied data.
CPAN WWW::Form versions 1.12 and prior have been reported to be vulnerable to this issue.
Exploit / POC
CPAN WWW::Form HTML Injection Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
CPAN WWW::Form HTML Injection Vulnerability
Solution:
It has been reported that WWW::Form 1.13 is not vulnerable to this issue. Users are advised to obtain the fixed version.
Solution:
It has been reported that WWW::Form 1.13 is not vulnerable to this issue. Users are advised to obtain the fixed version.
References
CPAN WWW::Form HTML Injection Vulnerability
References:
References: