Bugtraq mailing list archives
FTPoed Blog Engine =>v1.1 HTML Injection Vulnerability
From: sikik () bsdmail org
Date: 5 Mar 2006 23:03:03 -0000
FTPoed is prone to HTML injection attacks. It is possible for a malicious FTPoed user to inject hostile HTML code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of FTPoed. FTPoed does not adequately filter HTML tags from various fields. This may enable an attacker to inject arbitrary script code into pages that are generated by the FTPoed EXPLOIT Write <script>alert('test')</script> in a body of a message.
Current thread:
- FTPoed Blog Engine =>v1.1 HTML Injection Vulnerability sikik (Mar 06)