header-logo
Suggest Exploit
vendor:
WebCT Campus Edition
by:
5.5
CVSS
MEDIUM
HTML Injection
79
CWE
Product Name: WebCT Campus Edition
Affected Version From: 4.1
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

WebCT Campus Edition HTML Injection Vulnerability

The WebCT Campus Edition is prone to an HTML injection vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in the browser of an unsuspecting user. A malicious user could supply malicious HTML or script code to the application via the @import url() function of Microsoft Internet Explorer when posting a message on a forum, which would then be rendered in the browser of an unsuspecting user whenever the malicious message is viewed.

Mitigation:

It is recommended to update to a patched version of WebCT Campus Edition.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9999/info

It has been reported that WebCT Campus Edition may be prone to an HTML injection vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in the browser of an unsuspecting user. A malicious user could supply malicious HTML or script code to the application via the @import url() function of Microsoft Internet Explorer when posting a message on a forum, which would then be rendered in the browser of an unsuspecting user whenever the malicious message is viewed.

WebCT Campus Edition version 4.1 is reported to be affected by this issue. 

<style type="text/css">
@import url(javascript:alert(document.cookie));
</style>

Navigation

Suggest Exploit

Services By CQR