Description: HTML injection is a type of injection issue that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page. This vulnerability can have many consequences, like disclosure of a user's session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims.
Affected software: Nucleus CMS 3.70
Type of vulnerability: HTML Injection
Discovered by: BreachLock
Website: https://www.breachlock.com
Author: Balvinder Singh
Proof of concept:
Step 1: Log in to Nucleus CMS.
Step 2: URL: http://localhost/NucleusCMS-master/NucleusCMS-master/nucleus/index.php?action=itemedit&itemid=8
Here the body parameter is vulnerable to HTML injection.
Step 3: Here the HTML injection is executed for the body parameter.

URL: http://localhost/NucleusCMS-master/NucleusCMS-master/?itemid=8
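
The defensive side of this report, as an added example (not code from Nucleus CMS or from the reporter): a stored item body rendered verbatim, then fully escaped, then passed through a tag allowlist. All function names, the allowlist and the sample body are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist of formatting tags an item body may keep (not from the page).
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li"}
VOID_TAGS = {"br"}
DROP_CONTENT = {"script", "style"}  # remove these elements together with their text

# Constructed sample of what could be stored through the "body" parameter.
SAMPLE_BODY = ('<p>Hello <b onclick="x()">world</b></p><h1>Injected</h1>'
               '<script>x()</script><a href="https://example.invalid/">link</a>')

def render_item_unsafe(body):
    """Behaviour described in the report: stored body is emitted verbatim."""
    return '<div class="itembody">' + body + "</div>"

def render_item_escaped(body):
    """Strict fix: treat the body as text, so markup is displayed, not parsed."""
    return '<div class="itembody">' + escape(body, quote=True) + "</div>"

class _AllowlistSanitizer(HTMLParser):
    """Keeps allowlisted tags without attributes; escapes all text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif tag in ALLOWED_TAGS:
            self.out.append("<%s>" % tag)  # attributes are never copied

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=True))

def sanitize_body(body):
    """Permissive fix: authors keep basic formatting, everything else is dropped."""
    parser = _AllowlistSanitizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)

if __name__ == "__main__":
    print(render_item_unsafe(SAMPLE_BODY))
    print(render_item_escaped(SAMPLE_BODY))
    print(sanitize_body(SAMPLE_BODY))
```

Escaping is the safer default; the allowlist variant only fits when item authors must keep basic formatting, and it still discards every attribute, including event handlers and link targets.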