SSGBook 1.0 Image Tag HTML Injection Vulnerabilities

ID SSV:75732
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


SSGbook includes codes for allowing users to specify HTML formatting and layout inside of guestbook entries. For example, a user can include an image by including it inside of [image] or [img] tags. However, arbitrary HTML and script code are not sufficiently sanitized within these tags.

As a result, users may include malicious HTML and script code inside of guestbook entries. The attacker-supplied code will be rendered in the web client of a user who views a malicious guestbook entry.