WebsiteBaker CMS lack of sanitizing

2006-05-07T00:00:00
ID SECURITYVULNS:DOC:12573
Type securityvulns
Reporter Securityvulns
Modified 2006-05-07T00:00:00

Description

Discovered by: Nomenumbra
Date: 6/4/2006
Impact: moderate (privilege escalation, possible defacement)

A user's display name isn't filtered at all, allowing them to insert any HTML or JavaScript code at will.

Nomenumbra/[0x4F4C]
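
The defence against an unfiltered display name is to validate it when it is saved and to HTML-encode it wherever it is printed. The PHP below is an added illustration, not WebsiteBaker code and not part of the original advisory; the function names, the 64-character name policy and the sample values are assumptions constructed for the example.

```php
<?php
// Added example: hypothetical helpers, not taken from WebsiteBaker.

// Input side: accept only a conservative display-name alphabet.
// Returns the trimmed name, or null when the value must be rejected.
function validate_display_name(string $raw): ?string
{
    $name = trim($raw);
    // Assumed policy: letters, digits, space and . _ ' - ; 1 to 64 characters.
    if (!preg_match('/^[\p{L}\p{N} ._\'-]{1,64}$/u', $name)) {
        return null;
    }
    return $name;
}

// Output side: encode for an HTML text or quoted-attribute context.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The behaviour the advisory describes: the stored value reaches the page as-is.
function render_greeting_unfiltered(string $displayName): string
{
    return '<p>Welcome back, ' . $displayName . '</p>';
}

// Hardened form: the same template with the value encoded on output.
function render_greeting_escaped(string $displayName): string
{
    return '<p>Welcome back, ' . html_escape($displayName) . '</p>';
}

// Constructed sample values: one ordinary name, one carrying markup.
$samples = ["Alice O'Neil", 'Bob <script>alert(1)</script>'];

foreach ($samples as $name) {
    echo 'input:      ', $name, PHP_EOL;
    echo 'accepted:   ', validate_display_name($name) === null ? 'no' : 'yes', PHP_EOL;
    echo 'unfiltered: ', render_greeting_unfiltered($name), PHP_EOL;
    echo 'escaped:    ', render_greeting_escaped($name), PHP_EOL, PHP_EOL;
}
```

Output encoding is the control that matters for display names already stored before validation was introduced, since those values never passed the input check.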