J-Security Center

Title: Ocean12 ASP Guestbook Manager Code Injection Vulnerability

Severity: MODERATE

Description:

The Ocean12 ASP Guestbook Manager is a full-featured guestbook program. It is written entirely in ASP/VBScript and uses an Access database for data storage.

Ocean12 ASP Guestbook Manager has been reported prone to an HTML code injection vulnerability.

Due to a lack of sanitization performed on several Guestbook form fields, specifically the 'Name', 'E-Mail' and 'Message' fields, an attacker may inject arbitrary HTML code into dynamically generated Guestbook Manager pages.

The injected script code will execute in the security context of the Guestbook Manager site, potentially allowing an attacker to hijack web content or to steal cookie-based authentication credentials. It may also be possible to take arbitrary actions as the victim user, including posting or deleting content.

Affected Products:

  • Ocean12 Technologies ASP Guestbook Manager 1.0.0
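
The missing sanitization described above is normally closed by encoding every stored field at output time. The following is an added example in classic ASP/VBScript, not Ocean12's code; the recordset `rs`, its `Name`, `Email` and `Message` columns, and the helper names `H`, `IsPlainEmail` and `RenderEntry` are assumptions made for illustration.

```vbscript
' Added example, not Ocean12 code. Place inside <% ... %> on a classic ASP page.
' Assumption: rs is an open ADODB.Recordset over a hypothetical guestbook table
' with Name, Email and Message columns.

' Encode a stored value for HTML text or a double-quoted attribute.
' Server.HTMLEncode escapes < > & and ", but not ', so attributes written
' below always use double quotes.
Function H(value)
    If IsNull(value) Then
        H = ""
    Else
        H = Server.HTMLEncode(CStr(value))
    End If
End Function

' Allow-list check applied before the E-Mail field is used in a mailto: link.
Function IsPlainEmail(value)
    Dim re
    IsPlainEmail = False
    If IsNull(value) Then Exit Function
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$"
    IsPlainEmail = re.Test(CStr(value))
End Function

Sub RenderEntry(rs)
    Dim email
    ' A raw write such as Response.Write "<b>" & rs("Name") & "</b>" is the
    ' kind of unsanitized output the advisory describes; every field below
    ' is encoded instead.
    Response.Write "<div class=""entry""><b>" & H(rs("Name").Value) & "</b>"

    email = rs("Email").Value
    If IsPlainEmail(email) Then
        Response.Write " (<a href=""mailto:" & H(email) & """>" & H(email) & "</a>)"
    ElseIf Not IsNull(email) Then
        ' Values that fail the allow-list are shown as encoded text, never linked.
        Response.Write " (" & H(email) & ")"
    End If

    ' Encode first, then restore line breaks, so <br> is the only markup emitted.
    Response.Write "<p>" & Replace(H(rs("Message").Value), vbCrLf, "<br>") & "</p></div>"
End Sub
```

Encoding at output also neutralizes entries that were stored before the fix, which validation at submission time alone would not.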
