Zoomblog HTML Injection Vulnerability
DESCRIPTION
Zoomblog is prone to HTML injection attacks. It is possible for a malicious
Zoomblog user to inject hostile HTML and script code into the commentary via
form fields. This code may be rendered in the browser of a web user who views
the commentary of Zoomblog.
Zoomblog does not adequately filter HTML tags from various fields. This may
enable an attacker to inject arbitrary script code into pages that are
generated by the Zoomblog.
All versions are vulnerable.
EXPLOIT
There is no exploit required.
EXAMPLE
Write <script>alert('test')</script> in http://yourblog.zoomblog/comments/
HOMEPAGE
http:/zoomblog.com