SparkleBlog Journal.php HTML Injection Vulnerability =>v2.1 (all versions vulnerable)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: SparkleBlog Journal.php HTML Injection Vulnerability =>v2.1 (all versions vulnerable)
From: sikikmail@xxxxxxxxx
Date: 25 Oct 2005 16:47:05 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

SparkleBlog is prone to HTMl injection attacks. It is possible for a malicious 
SparkleBlog user to inject hostile HTML script code into the commentary via 
form fields. This code may be rendered in the browser of a web user who views 
the commentary of SparkleBlog.
SparkleBlog does not adequately filter HTMl tags from various fields. This may 
enable an attacker to inject arbitrary script code into pages that are 
generated by SparkleBlog 
example:
put <script>alert('test')</script> in the "name:" tag in 
http://localhost/journal.php?id=1

SparkleBlog home page: http://www.creamed-coconut.org/

Prev by Date: SEC-Consult SA 20051025-1 :: RSA ACE Web Agent XSS
Next by Date: [SECURITY] [DSA 548-2] New imlib packages fix arbitrary code execution
Previous by thread: SEC-Consult SA 20051025-1 :: RSA ACE Web Agent XSS
Next by thread: [SECURITY] [DSA 548-2] New imlib packages fix arbitrary code execution
Index(es):
- Date
- Thread