Vendor: phpGB
By: SecurityFocus
CVSS: 7.5 HIGH
HTML Injection
CWE: 79
Product Name: phpGB
Affected Version From: phpGB
Affected Version To: phpGB
Patch Exists: N/A
Related CWE: N/A
CPE: a:phpgb:phpgb
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

phpGB HTML Injection Vulnerability

phpGB is vulnerable to HTML injection attacks due to its failure to check for the presence of HTML tags when generating guestbook entries. An attacker can inject HTML and script code into guestbook entries, which will be executed in the web client of the administrative guestbook user when the admin attempts to delete the entry.

Mitigation:

Input validation should be used to ensure that user-supplied data does not contain malicious HTML or script code.
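
One way to apply this mitigation when the admin page is generated, shown as an added example rather than phpGB's own code: the function names, the `admin.php?delete=` link and the row markup are hypothetical. It uses output encoding with `htmlspecialchars()` so the entry from the report is displayed as inert text, next to the unencoded pattern for comparison.

```php
<?php
// Added illustration; not phpGB source. Function names, the admin.php
// delete link and the row markup are hypothetical.

// Constructed sample: the guestbook entry quoted in the report.
$entry = [
    'id'      => 17,
    'name'    => 'visitor',
    'message' => 'delete me <script>alert(document.cookie)</script>',
];

// Vulnerable pattern: stored text is concatenated into the admin page as-is,
// so the browser parses the <script> element when the delete view is opened.
function render_admin_row_unsafe(array $e): string
{
    return '<tr><td>' . $e['name'] . '</td><td>' . $e['message'] . '</td>'
         . '<td><a href="admin.php?delete=' . $e['id'] . '">delete</a></td></tr>';
}

// Encode for the HTML context. ENT_QUOTES covers both quote styles, so the
// helper is also safe inside attribute values; ENT_SUBSTITUTE replaces
// invalid byte sequences instead of returning an empty string.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every stored field is encoded at output, and the id is
// forced to an integer before it is placed in the URL.
function render_admin_row_safe(array $e): string
{
    return '<tr><td>' . h($e['name']) . '</td><td>' . h($e['message']) . '</td>'
         . '<td><a href="admin.php?delete=' . (int) $e['id'] . '">delete</a></td></tr>';
}

$unsafe = render_admin_row_unsafe($entry);
$safe   = render_admin_row_safe($entry);

// Check both rows for a live <script> tag, then show the encoded row.
var_dump(strpos($unsafe, '<script>') !== false);
var_dump(strpos($safe, '<script>') === false);
echo $safe, PHP_EOL;
```

Encoding at output leaves the stored entry unchanged, so rows saved before the fix are neutralized as well.
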
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5676/info

phpGB is subject to HTML injection attacks.

phpGB fails to check for the presence of HTML tags when generating guestbook entries. It is reported that an attacker may inject HTML and script code into guestbook entries, which will be executed in the web client of the administrative guestbook user when the admin attempts to delete the entry. 

Enter the following guestbook entry:

"delete me <script>alert(document.cookie)</script>"