HTML Injection Vulnerability in LiveJournal

vendor:

LiveJournal

by:

5.5

CVSS

MEDIUM

HTML Injection

CWE

Product Name: LiveJournal

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

HTML Injection Vulnerability in LiveJournal

The HTML injection vulnerability in LiveJournal allows an attacker to inject HTML and script code into the dynamically generated content, potentially leading to the execution of malicious code in the context of the affected website. This can result in the theft of cookie-based authentication credentials and control over how the site is rendered to the user.

Mitigation:

To mitigate this vulnerability, it is recommended to properly sanitize user-supplied input before using it in dynamically generated content. This includes encoding or filtering any potentially malicious code or scripts.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15990/info

LiveJournal is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible. 

Example HTML exploit code has been provided:

<span style="background:url('javas\cript:(function x(){alert("boo")})();');">test</span>