header-logo
Suggest Exploit
vendor:
Web Chat Manager
by:
SecurityFocus
7.5
CVSS
HIGH
HTML Injection
79
CWE
Product Name: Web Chat Manager
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Web Chat Manager HTML Injection Vulnerability

It has been reported that Web Chat Manager is prone to HTML injection attacks. This problem occurs due to insufficient sanitization of user-supplied input. As a result of this insufficiency an attacker may embed HTML code via a HTML form field or URI parameter of the Web Chat Manager user registration page. It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks are also possible.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7190/info

It has been reported that Web Chat Manager is prone to HTML injection attacks. This problem occurs due to insufficient sanitization of user-supplied input. 

As a result of this insufficiency an attacker may embed HTML code via a HTML form field or URI parameter of the Web Chat Manager user registration page.

It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks are also possible.

http://<target>/chat_dir/register.php?register=yes&username=OverG&email=<scr*pt>alert%20
("Test!")</scr*pt>&email1=<scr*pt>alert%20("Test!")</scr*pt>

Navigation

Suggest Exploit

Services By CQR