Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:76012
HistoryJul 01, 2014 - 12:00 a.m.

FTLS GuestBook 1.1 Script Injection Vulnerability

2014-07-0100:00:00
Root
www.seebug.org
8
JSON

No description provided by source.


                                                source: http://www.securityfocus.com/bid/6686/info

Guestbook does not adequately filter HTML tags from various fields. This may enable an attacker to inject arbitrary script code into pages that are generated by the guestbook.

The attacker's script code may be executed in the web client of arbitrary users who view the pages generated by the guestbook, in the security context of the website running the software.

The following proof of concept was provided by inserting malicious HTML code into the Title, Name and Comment fields:

<script>alert('test')</script>
JSON