MiniHTTPServer WebForums Forum HTML Injection Vulnerability
BID:9545
Info
MiniHTTPServer WebForums Forum HTML Injection Vulnerability
| Bugtraq ID: | 9545 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 02 2004 12:00AM |
| Updated: | Feb 02 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to Nimber <[email protected]>. |
| Vulnerable: |
Minihttp WebForum Server 1.6 Minihttp WebForum Server 1.5 Minihttp WebForum Server 1.0 |
| Not Vulnerable: | |
Discussion
MiniHTTPServer WebForums Forum HTML Injection Vulnerability
MiniHTTPServer WebForums Forum has been reported prone to a HTML Injection Vulnerability. A malicious remote attacker may use the forum post field "File Description:" when posting a file to the forum to inject arbitrary HTML into dynamically generated content. This issue is due to a lack of sufficient sanitization performed on the affected form fields.
MiniHTTPServer WebForums Forum versions 1.6 and prior have been reported to be affected by this issue.
MiniHTTPServer WebForums Forum has been reported prone to a HTML Injection Vulnerability. A malicious remote attacker may use the forum post field "File Description:" when posting a file to the forum to inject arbitrary HTML into dynamically generated content. This issue is due to a lack of sufficient sanitization performed on the affected form fields.
MiniHTTPServer WebForums Forum versions 1.6 and prior have been reported to be affected by this issue.
Exploit / POC
MiniHTTPServer WebForums Forum HTML Injection Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
MiniHTTPServer WebForums Forum HTML Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
MiniHTTPServer WebForums Forum HTML Injection Vulnerability
References:
References:
- Mini HTTP Server Products Homepage (Mini HTTP Server)