vendor:
Flock Browser
by:
Not mentioned
7.5
CVSS
HIGH
HTML Injection
79
CWE
Product Name: Flock Browser
Affected Version From: Flock versions prior to 3.0.0.4094
Affected Version To: Not mentioned
Patch Exists: YES
Related CWE: Not mentioned
CPE: Not mentioned
Platforms Tested: Not mentioned
2010
HTML Injection vulnerability in Flock Browser
Flock Browser is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Mitigation:
Upgrade to Flock version 3.0.0.4094 or later.