JAWS Glossary HTML Injection Vulnerability

info
discussion
exploit
solution
references

JAWS Glossary HTML Injection Vulnerability

JAWS is prone to an HTML injection vulnerability in the Glossary module. The module fails to sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.