header-logo
Suggest Exploit
vendor:
AZbb
by:
SecurityFocus
7.5
CVSS
HIGH
HTML-injection
79
CWE
Product Name: AZbb
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

AZbb HTML-injection Vulnerabilities

AZbb is prone to HTML-injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing for the theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

Mitigation:

Input validation and output encoding should be used to prevent HTML-injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16351/info

AZbb is prone to HTML-injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing for the theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible. 

http://www.example.com/post.php?nickname="><script>alert('XSS')</script><!--

http://www.example.com/post.php?topic=>"<br><iframe%20src=javascript:alert()><br>"