header-logo
Suggest Exploit
vendor:
XAMPP
by:
SecurityFocus
7.5
CVSS
HIGH
Remote HTML-injection
79
CWE
Product Name: XAMPP
Affected Version From: XAMPP 1.4.13
Affected Version To: XAMPP 1.4.14
Patch Exists: YES
Related CWE: CVE-2005-3106
CPE: a:apache:xampp
Metasploit: https://www.rapid7.com/db/vulnerabilities/linuxrpm-CESA-2006-0101/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2006-0101/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2005

XAMPP Multiple Remote HTML-injection Vulnerabilities

XAMPP is prone to multiple remote HTML-injection vulnerabilities because the software fails to properly sanitize user-supplied input before including it in dynamically generated web content. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user, which may help the attacker steal cookie-based authentication credentials and launch other attacks.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13127/info

XAMPP is prone to multiple remote HTML-injection vulnerabilities because the software fails to properly sanitize user-supplied input before including it in dynamically generated web content.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user, which may help the attacker steal cookie-based authentication credentials and launch other attacks. 

http://www.example.com/xampp/phonebook.php?lastname=Cru3l.b0y&firstname=&phone=

Navigation

Suggest Exploit

Services By CQR