vendor:
Shoutbox
by:
7.5
CVSS
HIGH
HTML-injection
79
CWE
Product Name: Shoutbox
Affected Version From: 2.6
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Knusperleicht Shoutbox HTML-injection Vulnerability
The Knusperleicht Shoutbox is prone to an HTML-injection vulnerability due to insufficient input data sanitization. Exploiting this issue can allow an attacker to execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize and validate all user-supplied input data before using it in HTML output.