WebCT Campus Edition HTML Injection Vulnerability

vendor:

WebCT Campus Edition

by:

5.5

CVSS

MEDIUM

HTML Injection

CWE

Product Name: WebCT Campus Edition

Affected Version From: 4.1

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

WebCT Campus Edition HTML Injection Vulnerability

The WebCT Campus Edition is prone to an HTML injection vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in the browser of an unsuspecting user. A malicious user could supply malicious HTML or script code to the application via the @import url() function of Microsoft Internet Explorer when posting a message on a forum, which would then be rendered in the browser of an unsuspecting user whenever the malicious message is viewed.

Mitigation:

It is recommended to update to a patched version of WebCT Campus Edition.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9999/info

It has been reported that WebCT Campus Edition may be prone to an HTML injection vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in the browser of an unsuspecting user. A malicious user could supply malicious HTML or script code to the application via the @import url() function of Microsoft Internet Explorer when posting a message on a forum, which would then be rendered in the browser of an unsuspecting user whenever the malicious message is viewed.

WebCT Campus Edition version 4.1 is reported to be affected by this issue. 

<style type="text/css">
@import url(javascript:alert(document.cookie));
</style>