vendor:
Wiki Web Help
by:
5.5
CVSS
MEDIUM
Cross-Site Scripting and HTML Injection
79
CWE
Product Name: Wiki Web Help
Affected Version From: 2000.2.7
Affected Version To: 2000.2.7
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Cross-Site Scripting and HTML Injection vulnerabilities in Wiki Web Help
Wiki Web Help is prone to a cross-site scripting vulnerability and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code could run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Mitigation:
Properly sanitize user-supplied input before using it in dynamically generated content. Implement input validation and output encoding to prevent XSS and HTML Injection attacks.