VULHUB ™

NFlash has been reported prone to script code injection vulnerabilities. This is due to the lack of sanitization on user-supplied input, used to generate pages with dynamic content. An attacker may inject script code using several form fields or URI parameters of the NFlash user administration page. When another user views one of these pages, the attacker-supplied code will be interpreted in their web browser in the security context of the site hosting the vulnerable software. It may be possible to steal an unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks are also possible.

NFlash has been reported prone to script code injection vulnerabilities. This is due to the lack of sanitization on user-supplied input, used to generate pages with dynamic content. An attacker may inject script code using several form fields or URI parameters of the NFlash user administration page. When another user views one of these pages, the attacker-supplied code will be interpreted in their web browser in the security context of the site hosting the vulnerable software. It may be possible to steal an unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks are also possible.