Bug: [eVuln] Foxrum BBCode XSS Vulnerabilty ( Ascii Version )

Search:
WLB2

[eVuln] Foxrum BBCode XSS Vulnerabilty

Published
Credit
Risk
2006.01.10
alex evuln com
Low
CWE
CVE
Local
Remote
CWE-79
CVE-2006-0156
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

New eVuln Advisory:
Foxrum BBCode XSS Vulnerabilty

--------------------Summary----------------

Software: Foxrum
Sowtware's Web Site: http://www.foxrum.fr.st/
Versions: 4.0.4f
Critical Level: Harmless
Type: Cross-Site Scripting
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Published: 2006.01.09
eVuln ID: EV0020

-----------------Description--------------
Arbitrary script code insertion is possible in BBcode.

Vulnerable Script: addpost1.php addtopic1.php

BBcode isn't properly sanitized. This can be used to post arbitrary script code.

--------------Exploit---------------------
BBcode Example:

[url=javascript:alert(123)]title[/url]

--------------Solution---------------------
No vendor-provided patch availabve.

Solution: disable BBcode

--------------Credit---------------------
Original Advisory:
http://evuln.com/vulns/20/summary.html

Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version