PHPScheduleIt HTML Injection Vulnerability

phpScheduleIt is reported to contain an HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input before including it in dynamically generated web page content.

This may allow an attacker to inject malicious HTML and script code into the application. An unsuspecting user viewing the schedule will have the attacker-supplied script code executed within their browser in the context of the vulnerable site. This issue may be leveraged to steal cookie-based authentication credentials. Other attacks are also possible.

Although this issue reportedly affects version 1.0.0RC1 of the affected software, it is likely that other versions are affected as well.
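
As a defensive illustration of the missing step described above (an added example, not phpScheduleIt's code or a vendor fix): user-supplied reservation fields are HTML-encoded when the schedule is rendered, and the session cookie is marked HttpOnly so script running in the page cannot read it. The record shape (`owner`, `summary`) and the function names are assumptions; the advisory does not name the affected field.

```php
<?php
declare(strict_types=1);

// Encode a user-supplied value for an HTML text node or a quoted attribute.
function e(string $value): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // byte sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render one schedule cell. $reservation is a hypothetical record shape.
// Every stored value is encoded at output time, whatever was done on input.
function renderReservationCell(array $reservation): string
{
    return sprintf(
        '<td class="reservation" title="%s">%s<br>%s</td>',
        e($reservation['summary']),   // attribute context, always quoted
        e($reservation['owner']),     // text context
        e($reservation['summary'])    // text context
    );
}

// Start the session with a cookie that page script cannot read, which limits
// what injected script could take if an encoding call is missed elsewhere.
function startHardenedSession(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Constructed sample input containing markup and an ampersand.
$sample = [
    'owner'   => 'Alice & Bob',
    'summary' => 'Team sync <script>/* constructed */</script> "Room 2"',
];

if (PHP_SAPI !== 'cli') {
    // Under a web server: harden the session and restrict script sources.
    startHardenedSession();
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}

// The markup in $sample is emitted as inert text (&lt;script&gt; ...).
echo renderReservationCell($sample), PHP_EOL;
```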


 

Copyright 2010, SecurityFocus