- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 21755
- Проверка EDB
-
- Пройдено
- Автор
- MATTHEW MURPHY
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2002-2424
- Дата публикации
- 2002-08-24
Код:
source: https://www.securityfocus.com/bid/5569/info
php(Reactor) does not sufficiently sanitize HTML from various fields (such as in the body of a message or in profile fields). It is possible to inject arbitrary HTML and script code into these fields.
An attacker may potentially exploit this situation to cause arbitrary HTML and script code to execute in the web client of a user of a vulnerable website. The attacker-supplied code will execute in the context of the vulnerable website.
<b style="expression(alert(document.cookie))">- Источник
- www.exploit-db.com
