phpScheduleIt < 1.0.0 New User Registration HTML Injection

Medium

Synopsis

The remote host is vulnerable to an HTML injection attack.

Description

The remote host is running phpScheduleIt. According to its banner, this version is reported to be vulnerable to an HTML injection issue. The 'Schedule Name' field is not properly sanitized, so an attacker who has the right to edit that field may add malicious HTML and JavaScript code to a schedule page. The malicious code would be executed by a victim's web browser when it displays this schedule.

Solution

Upgrade to phpScheduleIt 1.0.0 or higher.