Network Security: Detailed info on SparkleBlog Journal.php HTML Injection Vulnerability =>v2.1 (all version

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Bugtraq

Subject:	SparkleBlog Journal.php HTML Injection Vulnerability =>v2.1 (all versions vulnerable)
Date:	25 Oct 2005 16:47:05 -0000

Subject:

SparkleBlog Journal.php HTML Injection Vulnerability =>v2.1 (all versions vulnerable)

Date:

25 Oct 2005 16:47:05 -0000

SparkleBlog is prone to HTMl injection attacks. It is possible for a malicious SparkleBlog user to inject hostile HTML script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of SparkleBlog. SparkleBlog does not adequately filter HTMl tags from various fields. This may enable an attacker to inject arbitrary script code into pages that are generated by SparkleBlog example: put <script>alert('test')</script> in the "name:" tag in http://localhost/journal.php?id=1 SparkleBlog home page: http://www.creamed-coconut.org/

<Prev in Thread]	Current Thread	[Next in Thread>
SparkleBlog Journal.php HTML Injection Vulnerability =>v2.1 (all versions vulnerable), sikikmail <=

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Network Appliance iSCSI Authentication Bypass, advisories
Next by Date:	MDKSA-2005:193 - Updated ethereal packages fix multiple vulnerabilities, Mandriva Security Team
Previous by Thread:	Network Appliance iSCSI Authentication Bypass, advisories
Next by Thread:	MDKSA-2005:193 - Updated ethereal packages fix multiple vulnerabilities, Mandriva Security Team
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Network Appliance iSCSI Authentication Bypass, advisories

Next by Date:

MDKSA-2005:193 - Updated ethereal packages fix multiple vulnerabilities, Mandriva Security Team

Previous by Thread:

Network Appliance iSCSI Authentication Bypass, advisories

Next by Thread:

MDKSA-2005:193 - Updated ethereal packages fix multiple vulnerabilities, Mandriva Security Team

Indexes:

[Date] [Thread] [Top] [All Lists]