header-logo
Suggest Exploit
vendor:
php(Reactor)
by:
SecurityFocus
8.8
CVSS
HIGH
HTML Injection
79
CWE
Product Name: php(Reactor)
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

php(Reactor) HTML Injection

php(Reactor) does not sufficiently sanitize HTML from various fields, allowing an attacker to inject arbitrary HTML and script code into these fields. This code will execute in the context of the vulnerable website, potentially allowing the attacker to access the user's cookies.

Mitigation:

Sanitize all user-supplied input to prevent HTML injection.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5569/info

php(Reactor) does not sufficiently sanitize HTML from various fields (such as in the body of a message or in profile fields). It is possible to inject arbitrary HTML and script code into these fields.

An attacker may potentially exploit this situation to cause arbitrary HTML and script code to execute in the web client of a user of a vulnerable website. The attacker-supplied code will execute in the context of the vulnerable website. 

<b style="expression(alert(document.cookie))">

Navigation

Suggest Exploit

Services By CQR