[] NeoSense
E X P L O I T S
title author type platform port cve id

ShoutBox 1.2 - 'Form' HTML Injection

Author: delusion
type: webapps
platform: php
port: 
date_added: 2002-07-29 
date_updated: 2012-10-02 
verified: 1 
codes: CVE-2002-1429;OSVDB-8034 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/5354/info

shoutBOX does not sufficiently sanitize HTML tags from input supplied via form fields. Attackers may exploit this lack of input validation to inject arbitrary HTML and script code into pages that are generated by the script. This may result in execution of attacker-supplied code in the web client of a user who visits such a page. HTML and script code will be executed in the security context of the site hosting the software.

In the Site URL text box, type in:

"></a><html code goes here><a href="
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.