Title: PHPReactor Style Attribute HTML Injection Vulnerability
Severity: MODERATE
Description:
php(Reactor) is an integrated system of web applications designed for website maintenance. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems.
php(Reactor) does not sufficiently sanitize HTML from various fields (such as in the body of a message or in profile fields). It is possible to inject arbitrary HTML and script code into these fields. In particular, the "STYLE" attribute in an arbitrary HTML tag is not properly sanitized. Arbitrary HTML and script code injected in this manner will be displayed to other users who visit the vulnerable website.
An attacker may potentially exploit this situation to cause arbitrary HTML and script code to execute in the web client of a user of a vulnerable website. The attacker-supplied code will execute in the context of the vulnerable website.
Affected Products:
- Ekilat LLC php(Reactor) 1.2.7pl1
References:
- php(Reactor): php(Reactor) Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
