header-logo
Suggest Exploit
vendor:
by:
Unknown
8.5
CVSS
HIGH
Code Injection
79
CWE
Product Name:
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE: CVE-2004-0597
CPE:
Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2004-0597/https://www.rapid7.com/db/vulnerabilities/suse-cve-2004-0597/
Other Scripts:
Platforms Tested:
2004

CSS Style Tag Injection

CSS Style Tag Injection is a type of vulnerability that allows an attacker to inject malicious code into a website using the CSS style tag. This can lead to various security issues, including cross-site scripting (XSS) attacks and remote code execution. The exploit takes advantage of the fact that the CSS style tag can contain executable code, which is executed by the browser when rendering the web page. This vulnerability can be used to bypass input validation and execute arbitrary code on the target system.

Mitigation:

To mitigate this vulnerability, it is recommended to properly validate and sanitize user input before using it in CSS style tags. Additionally, implementing content security policies (CSP) can help prevent the execution of unauthorized code.
Source

Exploit-DB raw data:

<STYLE>@;/*

// milw0rm.com [2004-07-23]

Navigation

Suggest Exploit

Services By CQR