Ocean12 ASP Guestbook Manager has been reported prone to an HTML code injection vulnerability. Because several guestbook form fields are not sanitized, an attacker may inject arbitrary HTML code into dynamically generated Guestbook Manager pages. The injected script code will execute in the security context of the Guestbook Manager site, potentially allowing an attacker to hijack web content or to steal cookie-based authentication credentials. It may also be possible to take arbitrary actions as the victim user, including posting or deleting content.
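The missing output encoding described above and its fix, as an added example that is not part of the original advisory and is not Ocean12's code: a Python stand-in for the page that renders a guestbook entry, first unencoded and then with every field HTML-encoded, plus a check that lists elements the template did not emit. The field names, template and sample entry are assumptions constructed for illustration, since the advisory does not name the affected fields.

```python
import html
from html.parser import HTMLParser

# Hypothetical field names and template; the advisory does not list them.
FIELDS = ("name", "email", "message")
TEMPLATE = ('<div class="entry"><a href="mailto:%(email)s">%(name)s</a>'
            '<p>%(message)s</p></div>')
TEMPLATE_TAGS = ["div", "a", "p"]  # the only elements the template itself emits

# Constructed sample submission carrying markup in two fields.
SAMPLE_ENTRY = {
    "name": 'Mallory"><img src=x>',
    "email": "m@example.test",
    "message": "<script>document.title='changed'</script>Nice site!",
}

def render_unsafe(entry):
    """Mirrors the reported flaw: field values reach the page as submitted."""
    return TEMPLATE % entry

def render_safe(entry):
    """Hardened form: every field is HTML-encoded at output time, quotes included."""
    encoded = {f: html.escape(str(entry.get(f, "")), quote=True) for f in FIELDS}
    return TEMPLATE % encoded

class TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in the rendered page."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def injected_tags(page):
    """Return elements present in the page that the template did not put there."""
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    remaining, extra = list(TEMPLATE_TAGS), []
    for tag in collector.tags:
        if tag in remaining:
            remaining.remove(tag)
        else:
            extra.append(tag)
    return extra

if __name__ == "__main__":
    print("unsafe:", injected_tags(render_unsafe(SAMPLE_ENTRY)))
    print("safe:  ", injected_tags(render_safe(SAMPLE_ENTRY)))
```

In classic ASP the same output encoding is applied with `Server.HTMLEncode` on each field as it is written to the page.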