Chi Kien Uong Guestbook HTML Injection Vulnerability

It has been reported that Chi Kien Uong Guestbook may be prone to an HTML injection vulnerability. The issue has been reported to exist due to insufficient sanitization of user-supplied data during a message post. An attacker may submit a malicious post to inject arbitrary HTML into dynamically generated content.

This vulnerability may be exploited to execute arbitrary HTML and script code in the browser of an unsuspecting user who views the malicious post. Code execution will occur in the context of the vulnerable site. This issue may be exploited to steal cookie-based credentials; other attacks may also be possible.
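The mitigation for this class of issue is to encode user-supplied post fields when they are written into the page, and to keep session cookies out of reach of page scripts. The following is an added illustration in Python, not code from the guestbook or from the original advisory; the field names (`name`, `homepage`, `message`), the cookie name `sid` and the sample post are assumptions constructed for the example.

```python
import html
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample post: field names and values are hypothetical.
SAMPLE_POST = {
    "name": 'Mallory"><b>x</b>',
    "homepage": "javascript:void(0)",
    "message": "Nice site!<script>/* injected markup */</script>\nSecond line",
}

def safe_href(url):
    """Return an escaped http(s) URL, or None for any other scheme."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return None
    return html.escape(url, quote=True)

def render_entry(post):
    """Render one guestbook entry, encoding every user-supplied field at output."""
    name = html.escape(post.get("name", ""), quote=True)
    # Escape first, then add the only markup the application itself intends to emit.
    message = html.escape(post.get("message", ""), quote=True).replace("\n", "<br>")
    href = safe_href(post.get("homepage", ""))
    author = f'<a href="{href}" rel="nofollow noopener">{name}</a>' if href else name
    return f'<div class="entry"><p class="author">{author}</p><p>{message}</p></div>'

def session_cookie_header(session_id):
    """Build a session cookie value that page scripts cannot read (HttpOnly)."""
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    cookie["sid"]["httponly"] = True
    cookie["sid"]["secure"] = True
    cookie["sid"]["samesite"] = "Lax"
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()

if __name__ == "__main__":
    print(render_entry(SAMPLE_POST))
    print("Set-Cookie:", session_cookie_header("constructed-session-id"))
```

Encoding at output neutralizes markup already stored in old posts as well as new ones; the `HttpOnly` flag limits cookie theft but does not remove the injection itself.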


 

Copyright 2010, SecurityFocus