Hibyte HiGuest Message Field HTML Injection Vulnerability
BID:9955
Info
| Bugtraq ID: | 9955 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 23 2004 12:00AM |
| Updated: | Mar 23 2004 12:00AM |
| Credit: | Discovery is credited to "ShelzZ" <[email protected]>. |
| Vulnerable: | Hibyte HiGuest |
| Not Vulnerable: | |
Discussion
Hibyte's HiGuest guestbook software is prone to HTML injection attacks. This issue is exposed via the message form field in the guestbook entry submission form.
Exploitation could permit remote attackers to persistently inject hostile HTML and script code into guestbook content. This could allow for theft of cookie-based authentication credentials or other attacks, such as those that misrepresent guestbook content.
Exploit / POC
There is no exploit required.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
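With no vendor patch listed, the general mitigation for this class of issue is to encode stored guestbook fields when they are written into the page. The following is an added example, not HiGuest code: the advisory does not describe HiGuest's implementation, so the entry layout, function names and sample entries are assumptions. It contrasts raw concatenation with output encoding and checks which tags a parser sees in each result.

```python
import html
from html.parser import HTMLParser

# Constructed sample entries; the second carries markup in the message field.
ENTRIES = [
    {"name": "alice", "message": "Nice site!\nSee you soon."},
    {"name": "mallory", "message": "<b>hi</b><script>alert(1)</script>"},
]

TEMPLATE = '<div class="entry"><h3>%s</h3><p>%s</p></div>'


def render_entry_unsafe(entry):
    """Flawed pattern: stored input is concatenated into the page as-is."""
    return TEMPLATE % (entry["name"], entry["message"])


def render_entry(entry):
    """Encode every stored field for the HTML body context at output time."""
    name = html.escape(entry["name"], quote=True)
    # Escape first, then convert newlines, so the only markup inside the
    # paragraph is markup this function generated itself.
    message = html.escape(entry["message"], quote=True).replace("\n", "<br>")
    return TEMPLATE % (name, message)


def render_guestbook(entries):
    return "\n".join(render_entry(e) for e in entries)


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(fragment):
    """Return the start tags an HTML parser sees in a rendered fragment."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    for e in ENTRIES:
        print(tags_in(render_entry_unsafe(e)), tags_in(render_entry(e)))
```

The `tags_in` check can serve as a regression test: any tag beyond the template's own `div`, `h3`, `p` and `br` in rendered output means a stored field reached the page unencoded.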