FoxyProxy is a set of proxy management tools for Firefox, Google Chrome, and Internet Explorer. While adding proxies to this addon in Chrome it was found that it does not properly sanitize its input.

FoxyProxy HTML Injectable

It turned out that FoxyProxy Standard version 2.9.2 is vulnerable to HTML Injection. HTML injection is an attack that is closely related to Cross Site Scripting (XSS). The difference is not in the vulnerability, but in the type of attack that leverages the vulnerability. While XSS uses script tags to run JavaScript, HTML injection simply uses HTML to modify the page for malicious reasons such as defacement or tricking users to supply their credentials.

 

Share on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn0Email this to someonePin on Pinterest0Share on Reddit0Digg thisShare on Tumblr0Share on Yummly0Share on StumbleUpon0Flattr the author