vendor: ProjectForum
by:
CVSS: 7.5 HIGH
HTML Injection
CWE: 79
Product Name: ProjectForum
Affected Version From: 7.0.1.3038
Affected Version To: 7.0.1.3038
Patch Exists: NO
Related CWE:
CPE: a:projectforum:projectforum:7.0.1.3038
Metasploit:
Other Scripts:
Platforms Tested:

HTML Injection in ProjectForum

The vulnerability exists because the application does not properly sanitize user-supplied input. An attacker can exploit it to inject arbitrary script code that runs in the browser of an unsuspecting user, potentially leading to the theft of authentication credentials and other attacks.

Mitigation:

To mitigate this vulnerability, sanitize and validate user input before displaying it on web pages. Input filtering and encoding techniques can be used to prevent HTML injection attacks.
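
The encoding step described above, as an added example that is not ProjectForum code: it assumes the requested path is echoed into the body of an HTML page (the advisory does not say where the value is reflected), and all function names are hypothetical. It renders the request URL quoted in this advisory with and without encoding and lists the tags an HTML parser finds in each result.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed input: the request URL quoted in the advisory text.
POC_URL = 'http://www.example.com/<IMG """><SCRIPT>alert("Vulnerable")</SCRIPT>">'


def requested_name(url: str) -> str:
    """Decode the URL path the way a server would before using it as a page name."""
    return unquote(urlsplit(url).path.lstrip("/"))


def render_raw(name: str) -> str:
    """Vulnerable pattern (assumed): the name is concatenated into markup unchanged."""
    return f"<h1>No page named {name}</h1>"


def render_encoded(name: str) -> str:
    """Hardened pattern: encode & < > " ' at the point of output.

    This covers HTML element content and quoted attribute values only;
    values placed in script blocks or URLs need context-specific encoding.
    """
    return f"<h1>No page named {html.escape(name, quote=True)}</h1>"


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(markup: str) -> list:
    """List the start tags an HTML parser finds; anything beyond h1 was injected."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    name = requested_name(POC_URL)
    print("raw     :", tags_in(render_raw(name)))
    print("encoded :", tags_in(render_encoded(name)))
    print(render_encoded(name))
```

A check like `tags_in` can serve as a regression test for any template that reflects request data: the tag list of the rendered page should not change with the input.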
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/49895/info

ProjectForum is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

ProjectForum 7.0.1.3038 is vulnerable; other versions may also be affected. 

http://www.example.com/<IMG """><SCRIPT>alert("Vulnerable")</SCRIPT>">