• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

TinyMuw Videopage.PHP and Quickchat.PHP HTML Injection Vulnerabilitiy

TinyMuw is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied HTML and script code before using it in dynamically generated content.

An attacker could exploit this vulnerability to inject hostile HTML and script code into the affected site. This may help the attacker steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible.