• info
• discussion
• exploit
• solution
• references

Free Hosting Manager Unspecified HTML Injection Vulnerability

Free Hosting Manager is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may exploit the HTML-injection issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is displayed, and launch other attacks.

Free Hosting Manager 2.0.2 is vulnerable; other versions may also be affected.