header-logo
Suggest Exploit
vendor:
LiveJournal
by:
SecurityFocus
7.5
CVSS
HIGH
HTML Injection
79
CWE
Product Name: LiveJournal
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

LiveJournal HTML Injection Vulnerability

LiveJournal is reportedly prone to HTML injection via Cascading Style Sheet (CSS) tags. It is possible to inject hostile HTML and script code into journal entries through this vulnerability. This could potentially be exploited to steal cookies from other site users. Other attacks are also possible.

Mitigation:

Input validation should be used to prevent hostile HTML and script code from being injected into journal entries.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9727/info

LiveJournal is reportedly prone to HTML injection via Cascading Style Sheet (CSS) tags. It is possible to inject hostile HTML and script code into journal entries through this vulnerability. 

This could potentially be exploited to steal cookies from other site users. Other attacks are also possible.

<style>
.test1 { color:e\xpression(alert(document.cookie)); }
</style>

<a class="test1">foo</a>

Navigation

Suggest Exploit

Services By CQR