Vendor: Fresh Guest Book
By: SecurityFocus
CVSS: 8.3 (HIGH)
Vulnerability: Remote HTML Injection
CWE: 79
Product Name: Fresh Guest Book
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Fresh Guest Book Remote HTML Injection Vulnerability

Fresh Guest Book is prone to a remote HTML injection vulnerability because the application fails to properly sanitize user-supplied form input. An attacker may exploit the vulnerability to execute arbitrary script code in the browser of an unsuspecting user, potentially stealing that user's cookie-based authentication credentials, as well as other sensitive information.

Mitigation:

Input validation should be used to ensure that user-supplied data does not contain malicious HTML or script code.
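The following is an added example, not Fresh Guest Book's own code: a guest book entry renderer that validates each form field and, going one step beyond the validation advice above, also HTML-encodes the value when it is written into the page. The function names, field limits and HTML template are hypothetical; the sample input is the test string quoted in the raw data on this page.

```python
import html
import unicodedata

MAX_NAME = 64        # assumed limit, not taken from the product
MAX_MESSAGE = 2000   # assumed limit, not taken from the product
TEMPLATE = '<div class="entry"><b>%s</b><p>%s</p></div>'  # hypothetical markup


def render_entry_unsafe(name, message):
    """The flaw class described above: form input reaches the page unchanged."""
    return TEMPLATE % (name, message)


def clean_field(value, max_len):
    """Validate one form field: normalise, drop control characters, bound length."""
    value = unicodedata.normalize("NFC", value)
    # Keep newline and tab, drop every other control character (category Cc).
    value = "".join(
        ch for ch in value
        if ch in "\n\t" or unicodedata.category(ch) != "Cc"
    ).strip()
    if not value:
        raise ValueError("empty field")
    if len(value) > max_len:
        raise ValueError("field too long")
    return value


def render_entry_safe(name, message):
    """Validate on input, then encode for the HTML context on output."""
    name = html.escape(clean_field(name, MAX_NAME), quote=True)
    message = html.escape(clean_field(message, MAX_MESSAGE), quote=True)
    # Line breaks are re-added only after encoding, so the single tag
    # in the output is one this function wrote itself.
    return TEMPLATE % (name, message.replace("\n", "<br>"))


if __name__ == "__main__":
    sample = "<script>alert('xss');</script>"  # test string quoted on this page
    print(render_entry_unsafe("Ann", sample))  # tag reaches the browser intact
    print(render_entry_safe("Ann", sample))    # tag is shown as inert text
```

Encoding at output time is what neutralises the markup; the validation step only bounds and normalises what is stored.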
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9995/info

It has been reported that Fresh Guest Book is prone to a remote HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied form input.

An attacker may exploit the aforementioned vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user. It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks may also be possible. 

<script>alert('xss');</script>