tcllib: HTML injection

Package(s): tcllib
CVE #(s):
Created: March 16, 2015
Updated: May 7, 2015
Description: The following flaw was reported against tcllib:

User-supplied input is directly inserted into the <textarea> as default value, e.g. a textarea named 'ta' with a parameter of ta=XXX results in `<textarea>XXX</textarea>`.

This can be used to break out of the <textarea> context and insert arbitrary HTML content such as <script> tags.

The attack is possible using HTTP GET requests as well as POST and multipart form encoded POST requests.
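
The behaviour described above next to the output-encoded form that prevents it, as an added example (not tcllib's own code). The proc names and the sample parameter values are constructed for illustration.

```tcl
# Added example, not tcllib code: proc names and sample values are constructed.

# Encode the characters the HTML parser treats as markup. string map makes a
# single pass, so the "&" of an emitted entity is never escaped a second time.
proc escape_html {value} {
    return [string map {& &amp; < &lt; > &gt; \" &quot; ' &#39;} $value]
}

# Behaviour described in the report: the parameter is inserted as-is.
proc textarea_raw {name value} {
    return "<textarea name=\"$name\">$value</textarea>"
}

# Corrected form: the name and the default value are encoded on output.
proc textarea_escaped {name value} {
    return "<textarea name=\"[escape_html $name]\">[escape_html $value]</textarea>"
}

# Regression check: a correctly rendered field has exactly one closing tag.
# More than one means the value terminated the element early.
proc closing_tags {html} {
    return [regexp -all -nocase {</textarea} $html]
}

# Constructed values for the parameter "ta" (GET, POST or multipart alike).
set samples [list \
    {XXX} \
    {a < b & "c"} \
    {</textarea><script>/* injected */</script>} \
    {</TEXTAREA ><b>injected</b>}]

foreach value $samples {
    set raw  [closing_tags [textarea_raw ta $value]]
    set safe [closing_tags [textarea_escaped ta $value]]
    puts [format "%-45s raw=%d escaped=%d" $value $raw $safe]
}
```

The closing-tag count works as a regression test for any form-rendering helper: the encoded output always yields exactly one closing tag, whatever the request method that delivered the value.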

Alerts:
Mageia MGASA-2015-0201 tcl-tcllib 2015-05-07
Fedora FEDORA-2015-3235 tcllib 2015-03-14

Copyright © 2026, Eklektix, Inc.