• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

2z Project Multiple Input Validation Vulnerabilities

2z Project is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include HTML-injection issues, a cross-site scripting issue, and an arbitrary-file-upload issue.

Attackers can exploit these issues to execute arbitrary HTML and script code in the context of the affected site. Successful exploits could allow an attacker to compromise the application, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible.

2z Project 0.9.6.1 is vulnerable; other versions may also be affected.