
phpMoneyBooks 'index.php' Multiple HTML Injection Vulnerabilities

http://www.securityfocus.com/bid/54247

Security Info

Bugtraq ID: 54247
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Jun 29 2012 12:00AM
Updated: Jun 29 2012 12:00AM
Credit: chap0
Vulnerable: Star Host Design, LLC phpMoneyBooks 1.0.3
Not Vulnerable:

Security Discussion

phpMoneyBooks is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker can exploit these issues to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible.

phpMoneyBooks 1.0.3 is vulnerable; other versions may also be affected.

Proof of Concept and Security Exploits

Attackers can use a browser to exploit these issues.

Security Solution(s)

Solution:
Updates are available. Please see the references for more information.

Security Reference(s)

References:

Site Updated June 18, 2013
©2000-2013 Emagined Security
All Rights Reserved
