bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
exploit-db-mirror/exploits/php/webapps/24290.txt
Offensive Security d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00

11 lines
No EOL
790 B
Text
Raw Blame History

source: http://www.securityfocus.com/bid/10750/info
CutePHP is reported prone to an HTML injection vulnerability.
The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, user-supplied input to comment posts are not sufficiently sanitized of malicious HTML code.
An attacker can exploit this vulnerability by adding HTML code within URI arguments. The hostile code may be rendered in the user's browser when the user views the entry.
Exploitation could permit an attacker to steal cookie-based authentication credentials or launch other attacks.
http://www.example.com/show_news.php?subaction=addcomment&name=UserName&comments=http://www.example.com&id=1078525267||1090074219|UserName|none|127.0.0.1|<script>alert("example");</script>||
Reference in a new issue View git blame Copy permalink