VWE-2008-0016 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2008-0016
This page is a chapter in Info Known Vulnerabilities

This page has been seen 3,573 times.

- Created by
  pegasus
  on November 20, 2024

Common Name None
VWE-ID VWE-2008-0016
Related Report None
Severity HIGH
Exploit Difficulty EASY
Platform Affects all platforms supported by the vulnerable versions.
Description HTML/Javascript injection. The H BB-Code uses the user-supplied tag option without properly cleaning it, allowing for arbitrary HTML attributes or other content to be inserted within the heading HTML tag.

Discovered August 2008
Resolved August 7, 2008
Patches Available 2.0.0
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	None
VWE-ID	VWE-2008-0016
Related Report	None
Severity	HIGH
Exploit Difficulty	EASY
Platform	Affects all platforms supported by the vulnerable versions.
Description	HTML/Javascript injection. The H BB-Code uses the user-supplied tag option without properly cleaning it, allowing for arbitrary HTML attributes or other content to be inserted within the heading HTML tag.
Discovered	August 2008
Resolved	August 7, 2008
Patches Available	2.0.0