EJ3 BlackBook does not filter script code from many input fields used to accept guestbook signature information, making it prone to HTML injection attacks. Attacker-supplied script code may be included in fields submitted in the 'sign.php' script. This may enable a remote attacker to steal cookie-based authentication credentials from legitimate users of BlackBook.
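The fix for this class of flaw is to encode every guestbook field when it is written into the page; the PHP sketch below is an added example and not BlackBook's own code. The field names (`name`, `email`, `message`), the cookie name `bb_session` and all function names are assumptions made for illustration, and the code assumes PHP 7.3 or later with the mbstring extension.

```php
<?php
// Added example: field names and limits are assumptions, not taken from BlackBook.
const FIELD_LIMITS = ['name' => 64, 'email' => 128, 'message' => 2000];

/** Normalise one submitted signature before it is stored. */
function clean_signature(array $post): array
{
    $entry = [];
    foreach (FIELD_LIMITS as $field => $max) {
        $value = isset($post[$field]) && is_string($post[$field]) ? $post[$field] : '';
        // Drop control characters (newline and tab are kept); invalid UTF-8 becomes ''.
        $value = preg_replace('/[^\P{Cc}\n\t]/u', '', $value) ?? '';
        $entry[$field] = mb_substr(trim($value), 0, $max, 'UTF-8');
    }
    return $entry;
}

/** Encode at output time so stored markup is rendered as text, never as HTML. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_signature(array $entry): string
{
    return sprintf(
        "<div class=\"entry\"><b>%s</b> &lt;%s&gt;<p>%s</p></div>\n",
        h($entry['name']),
        h($entry['email']),
        nl2br(h($entry['message']))
    );
}

/** Second layer: keep the (hypothetical) session cookie out of reach of page script. */
function issue_session_cookie(string $token): bool
{
    return setcookie('bb_session', $token,
        ['path' => '/', 'httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
}

// Constructed sample submission with markup in two fields.
$sample = [
    'name'    => 'Alice <script>alert(1)</script>',
    'email'   => 'alice@example.test',
    'message' => "Nice site!\n<img src=x onerror=alert(1)>",
];
echo render_signature(clean_signature($sample));
```

Encoding belongs at output rather than at submission, so entries already stored by an unpatched version are also rendered as inert text.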