header-logo
Suggest Exploit
vendor:
Rapid-Recipe component
by:
Sid3^effects
7.5
CVSS
HIGH
HTML Injection
79
CWE
Product Name: Rapid-Recipe component
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Joomla! Rapid-Recipe HTML Injection Vulnerability

The Joomla! Rapid-Recipe component is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user-supplied input before using it in dynamically generated content. Additionally, keeping the Joomla! Rapid-Recipe component up to date with the latest security patches is advised.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/41531/info

Joomla! Rapid-Recipe component is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

The following example input is available:

">><marquee><h1>XSS3d By Sid3^effects</h1><marquee>