Radiant CVE-2018-7261 Multiple HTML Injection Vulnerabilities

Radiant is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.

Successful exploits will result in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials or control how the page is rendered to the user. Other attacks are also possible.

Radiant 1.1.4 is vulnerable; other versions may also be affected.


Bugtraq ID: 103080
Class: Input Validation Error
CVE: CVE-2018-7261

Remote: Yes
Local: No
Published: Feb 20 2018 12:00AM
Updated: Feb 20 2018 12:00AM
Credit: Suparna Kachroo
Vulnerable: Radiant Radiant 1.1.4

Not Vulnerable:


Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

Related Posts