Lucene search
K

WebCT Campus Edition 3.84.x - HTML Injection

🗓️ 29 Mar 2004 00:00:00Reported by Simon BouletType 
exploitpack
 exploitpack
👁 29 Views

WebCT Campus Edition is vulnerable to HTML injection allowing remote code execution via forums.

Code
source: https://www.securityfocus.com/bid/9999/info

It has been reported that WebCT Campus Edition may be prone to an HTML injection vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in the browser of an unsuspecting user. A malicious user could supply malicious HTML or script code to the application via the @import url() function of Microsoft Internet Explorer when posting a message on a forum, which would then be rendered in the browser of an unsuspecting user whenever the malicious message is viewed.

WebCT Campus Edition version 4.1 is reported to be affected by this issue. 

<style type="text/css">
@import url(javascript:alert(document.cookie));
</style>

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation