PT-2002-1399 · Openbb · Openbb
Published
2002-06-25
·
Updated
2016-10-18
·
CVE-2002-0330
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
OpenBB version 1.0.0
Description
A cross-site scripting issue in the codeparse.php file allows remote attackers to execute arbitrary scripts and potentially steal cookies by injecting Javascript into the IMG tag.
Recommendations
For OpenBB version 1.0.0, update the codeparse.php file to properly sanitize user input and prevent the execution of arbitrary scripts. As a temporary workaround, consider restricting the use of Javascript in the IMG tag to minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Openbb