[{"id":29332,"date":"2023-11-17T13:01:42","date_gmt":"2023-11-17T07:31:42","guid":{"rendered":"https:\/\/www.esecforte.com\/?p=29332"},"modified":"2023-11-17T14:20:37","modified_gmt":"2023-11-17T08:50:37","slug":"cve-2023-40817-html-injection-product-configuration","status":"publish","type":"post","link":"https:\/\/www.esecforte.com\/cve-2023-40817-html-injection-product-configuration\/","title":{"rendered":"CVE-2023-40817-HTML injection-Product Configuration"},"content":{"rendered":"
[vc_row][vc_column][vc_column_text]<\/p>\n
<\/p>\n
Title:\u00a0 <\/strong>HTML injection at Product Configuration Creation<\/strong><\/p>\n <\/p>\n <\/p>\n INTRODUCTION<\/strong><\/p>\n <\/p>\n HTML Injection is a type of web application security vulnerability in which an attacker can inject malicious HTML code into a web page viewed by other users. The attack can be launched by an attacker who enters specially crafted HTML code, such as script tags or iframe elements, into an input field. The web application may then display this malicious HTML code to other users, potentially executing the code in their web browser and allowing the attacker to carry out their malicious actions.<\/p>\n <\/p>\n eSecForte Technologies Security Researcher<\/strong> \u2013 Nandini Sharma\u00a0reported an HTML Injection<\/p>\n Description:\u00a0<\/strong>HTML Injection in which an attacker simply inserts a payload into the name field of a Product Configuration, and it is executed when the attacker saves the Product Configuration Creation.<\/p>\n Platform\/Product:\u00a0<\/strong>OpenCRX<\/p>\n Vulnerability Name: HTML Injection<\/strong><\/p>\n Affected Component:<\/strong>\u00a0Product Configuration Name Field<\/p>\n Attack Type:<\/strong><\/p>\n Impact:\u00a0<\/strong><\/p>\n <\/p>\n HTML injection can result in the modification of web page content or the execution of malicious scripts, leading to the theft of sensitive information, malware distribution, phishing attacks, defacement of websites, or denial of service. It can have a significant impact on the reputation and security of a website and the organization that runs it.<\/p>\n <\/p>\n