Vendor: ShoutBOX
By: SecurityFocus
CVSS: 8,3 (HIGH)
HTML Injection
CWE: 79
Product Name: ShoutBOX
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

shoutBOX HTML Injection

ShoutBOX is vulnerable to HTML injection due to insufficient sanitization of user input. Attackers can exploit this vulnerability by injecting arbitrary HTML and script code into pages generated by the script. This can result in the execution of malicious code in the web client of a user who visits the page.

Mitigation:

Input validation should be used to ensure that user-supplied data does not contain malicious HTML or script code.
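
One way to apply this to the Site URL form field, shown beside the unsanitized behaviour the advisory describes. This is an added example, not ShoutBOX's own code: the function names, the `name` field and the `<a href="...">name</a>` markup layout are assumptions inferred from the shape of the sample string in the raw data.

```python
import html
from urllib.parse import urlsplit

# Constructed input: the placeholder string from the advisory, as typed into "Site URL".
SAMPLE_SITE_URL = '"></a><html code goes here><a href="'

def render_vulnerable(name, site_url):
    """Behaviour the advisory describes: form fields reach the page unchanged."""
    return '<a href="' + site_url + '">' + name + '</a>'

def validate_site_url(site_url):
    """Input validation: accept only absolute http(s) URLs with a host and no
    characters that can close an attribute or open a tag."""
    candidate = site_url.strip()
    if any(ch in '"\'<>`' or ord(ch) < 0x21 for ch in candidate):
        return None
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return None
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return None
    return candidate

def render_hardened(name, site_url):
    """Validate the URL, then HTML-encode every field when it is written out."""
    safe_name = html.escape(name, quote=True)
    url = validate_site_url(site_url)
    if url is None:
        return safe_name  # drop the link, keep the visible name as plain text
    return '<a href="' + html.escape(url, quote=True) + '">' + safe_name + '</a>'

if __name__ == "__main__":
    print(render_vulnerable("visitor", SAMPLE_SITE_URL))  # attribute is closed early
    print(render_hardened("visitor", SAMPLE_SITE_URL))    # link dropped
    print(render_hardened("visitor", "http://example.com/?a=1&b=2"))
```

Validation alone rejects the sample string; encoding at output time is the second layer that keeps a value that passes validation (such as one containing `&`) from altering the markup.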
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5354/info

shoutBOX does not sufficiently sanitize HTML tags from input supplied via form fields. Attackers may exploit this lack of input validation to inject arbitrary HTML and script code into pages that are generated by the script. This may result in execution of attacker-supplied code in the web client of a user who visits such a page. HTML and script code will be executed in the security context of the site hosting the software. 

In the Site URL text box, type in:

"></a><html code goes here><a href="