Vendor: Jobs Portal
Author: Unknown
CVSS: 7.5 (HIGH)
Vulnerability Types: HTML Injection, SQL Injection
CWE: 79, 89
Product Name: Jobs Portal
Affected Version From: 3
Affected Version To: Unknown
Patch Exists: NO
Related CVE: CVE-2012-4255, CVE-2012-4256
CPE: a:netartmedia:jobs_portal:3.0
Metasploit:
Other Scripts:
Platforms Tested:
Year: 2012

NetArt Media Jobs Portal Multiple HTML and SQL Injection Vulnerabilities

NetArt Media Jobs Portal is prone to multiple HTML-injection vulnerabilities and an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible.

Mitigation:

To mitigate these vulnerabilities, it is recommended to implement proper input validation and sanitization techniques in the affected application. Input data should be properly validated and sanitized before being used in SQL queries or rendered in HTML output.
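The mitigation above, worked through as an added PHP example (this is not the Jobs Portal source, which is not on the page; table, column and variable names are assumed): a query that concatenates the apply_id parameter as the advisory describes, beside the validated, parameterized form and the output encoding that addresses the HTML-injection side.

```php
<?php
// Added illustration, not the Jobs Portal source code (which is not on the page).
// Table and column names are assumed; the injection vector is the advisory's
// apply_id parameter, which receives values such as "68 order by 1--".

// Vulnerable pattern: the raw request value is concatenated into the SQL text,
// so the trailing "order by 1--" becomes part of the statement.
function findApplicationVulnerable(mysqli $db, array $get): ?array
{
    $sql = "SELECT * FROM applications WHERE apply_id = " . $get['apply_id'];
    $res = $db->query($sql);
    return ($res instanceof mysqli_result) ? ($res->fetch_assoc() ?: null) : null;
}

// Hardened form: validate the identifier as a positive integer, then bind it
// as a typed parameter so the value can never alter the statement structure.
function findApplication(PDO $db, array $get): ?array
{
    // FILTER_VALIDATE_INT rejects "68 order by 1--", "68;", "68abc" and "".
    $applyId = filter_var($get['apply_id'] ?? null, FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1]]);
    if ($applyId === false) {
        http_response_code(400);
        return null;
    }
    $stmt = $db->prepare(
        'SELECT apply_id, applicant_name, cover_letter
           FROM applications WHERE apply_id = :id'
    );
    $stmt->bindValue(':id', $applyId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Output encoding for the HTML-injection side: every user-controlled value
// that is reflected into a page goes through htmlspecialchars.
function h(?string $s): string
{
    return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Usage (assumed DSN and credentials):
// $pdo = new PDO('mysql:host=localhost;dbname=jobs;charset=utf8mb4', 'user', 'pass',
//                [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// $row = findApplication($pdo, $_GET);
// echo '<td>' . h($row['applicant_name'] ?? '') . '</td>';
```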

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/54026/info

NetArt Media Jobs Portal 3.0 is vulnerable; other versions may also be affected. 

http://www.example.com/EMPLOYERS/index.php?category=application_management&folder=my&page=details&posting_id=113&apply_id=68+order+%20by+1--%20[SQL INJECTION]--