• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

OpenConf Paper Submission HTML Injection Vulnerability

OpenConf is prone to an HTML injection vulnerability. This is due to insufficient validation of data supplied through paper submissions within the OpenConf system.

This may permit an attacker to inject hostile HTML and script code into the session of a user who is reviewing the submitted paper. Theft of cookie-based credentials is possible in addition to other attacks.