HTML Injection Vulnerability in Sourcefabric Campsite - exploit.company
Vendor: Campsite
By: D4rk357
CVSS: 7.5 (HIGH)
HTML Injection
CWE: 79
Product Name: Campsite
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Not provided
CPE: Not provided
Metasploit:
Other Scripts:
Platforms Tested: Unknown

HTML Injection Vulnerability in Sourcefabric Campsite

Sourcefabric Campsite is vulnerable to HTML injection because it does not adequately sanitize user-supplied input. Attackers can inject arbitrary HTML and script code that executes within the context of the affected browser. Exploiting this vulnerability could lead to the theft of cookie-based authentication credentials and to control over how the site is rendered to the user.

Mitigation:

To mitigate this vulnerability, properly sanitize user-supplied input before using it in dynamically generated content. Proper input validation and encoding also help prevent HTML injection attacks.
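
The encoding step described above, shown as an added example that is not Campsite code or part of the original advisory. It renders the marker string from the Exploit-DB raw data on this page through an unencoded template and an encoded one, then parses the output to list any elements or attributes the template did not write. The `article`/`p` template, the function names and the `ATTR_PROBE` value are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Marker string copied from the Exploit-DB raw data on this page.
POC = "<marquee><h1>XSS3d By D4rk357</h1><marquee>"
# Constructed, inert value that tries to close the attribute and add another.
ATTR_PROBE = '" data-injected="1'


def render_unsafe(title: str, body: str) -> str:
    """Vulnerable pattern: user input concatenated straight into markup."""
    return f'<article title="{title}"><p>{body}</p></article>'


def render_safe(title: str, body: str) -> str:
    """Hardened pattern: HTML-encode every user value when it is written out.

    quote=True also encodes " and ', which matters for attribute values.
    """
    return (f'<article title="{html.escape(title, quote=True)}">'
            f'<p>{html.escape(body, quote=True)}</p></article>')


class Collector(HTMLParser):
    """Records the element and attribute names a parser sees in markup."""

    def __init__(self):
        super().__init__()
        self.tags, self.attrs = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.extend(name for name, _ in attrs)


def parsed_structure(markup: str):
    """Return (element names, attribute names) found in the markup."""
    collector = Collector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.attrs


def injection_findings(markup, allowed_tags=("article", "p"), allowed_attrs=("title",)):
    """Regression check: names in the output that the template never wrote."""
    tags, attrs = parsed_structure(markup)
    return ([t for t in tags if t not in allowed_tags],
            [a for a in attrs if a not in allowed_attrs])
```

A check like `injection_findings` can run in a test suite against each template that outputs user-controlled fields; an empty result for both lists means the input was rendered as text only.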
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/41780/info

Sourcefabric Campsite is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. 

<marquee><h1>XSS3d By D4rk357</h1><marquee>