phpGB 1.1 HTML Injection Vulnerability

2014-07-0100:00:00

Root

www.seebug.org

JSON

No description provided by source.


                                                source: http://www.securityfocus.com/bid/5676/info

phpGB is subject to HTML injection attacks.

phpGB fails to check for the presence of HTML tags when generating guestbook entries. It is reported that an attacker may inject HTML and script code into guestbook entries, which will be executed in the web client of the administrative guestbook user when the admin attempts to delete the entry. 

Enter the following guestbookentry:

&#34;delete me &#60;script&#62;alert(document.cookie)&#60;/script&#62;&#34;

JSON