BBCode XSS Vulnerability in Foxrum
Summary
- Vulnerability: BBCode XSS Vulnerability in Foxrum
- Discovered: 2006.01.09
- Last Update: n/a
- ID: EV0020
- CVE: CVE-2006-0156
- Risk Level: low
- Type: Cross Site Scripting
- Status: Unpatched
- Vendor: n/a
- Vulnerable Software: Foxrum (http://www.foxrum.fr.st/)
- Version: 4.0.4f
- PoC/Exploit: Available
- Solution: Available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
Cross Site Scripting found in the Foxrum (http://www.foxrum.fr.st/) script.
Arbitrary script code can be inserted through BBCode.
Vulnerable Scripts: addpost1.php, addtopic1.php
BBCode isn't properly sanitized: the target of a [url] tag is written into the generated link unchecked. This can be used to post arbitrary script code.
PoC/Exploit
BBcode Example:
[url=javascript:alert(XSS)]title[/url]
Solution
No vendor-provided patch available.
Solution: disable BBCode until the [url] target is validated and escaped.
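The sanitization that the advisory says is missing, shown as an added example (this is not Foxrum's code, and the function and sample names are assumptions): a naive [url] renderer that reproduces the flaw next to a hardened one that only links http(s) targets and escapes everything it emits. Both are run over the advisory's PoC string and a few constructed benign posts.

```javascript
// Added example (not Foxrum's code): naive vs. hardened rendering of the
// BBCode [url] tag, the tag abused by the advisory's PoC.

// Matches [url=target]text[/url] and [url]target[/url].
const URL_TAG = /\[url(?:=([^\]]+))?\]([\s\S]*?)\[\/url\]/gi;

// Escape the characters that matter inside HTML text and attribute values.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Naive rendering: the href is copied from user input as-is. This mirrors the
// "BBCode isn't properly sanitized" condition the advisory describes.
function renderUrlNaive(bbcode) {
  return bbcode.replace(URL_TAG, (m, target, text) => {
    const href = target !== undefined ? target : text;
    return `<a href="${href}">${text}</a>`;
  });
}

// Returns the URL if it carries an http or https scheme, otherwise null.
// Control and whitespace characters are stripped before the scheme check so
// that the check sees the same string a browser would interpret.
function safeHref(raw) {
  const cleaned = String(raw).replace(/[\u0000-\u0020\u007f]/g, '');
  if (!/^https?:\/\//i.test(cleaned)) return null;
  return cleaned;
}

// Hardened rendering: non-http(s) targets are dropped and the visible text is
// kept as plain (escaped) text; accepted targets are escaped as attributes.
function renderUrlSafe(bbcode) {
  return bbcode.replace(URL_TAG, (m, target, text) => {
    const href = safeHref(target !== undefined ? target : text);
    if (href === null) return escapeHtml(text);
    return `<a href="${escapeHtml(href)}" rel="nofollow">${escapeHtml(text)}</a>`;
  });
}

// Constructed sample posts: the advisory's PoC plus benign links.
const SAMPLE_POSTS = [
  '[url=javascript:alert(XSS)]title[/url]',
  '[url=http://example.com/]site[/url]',
  '[url]https://example.com/?a=1&b=2[/url]',
];

// Render every sample with both renderers so the difference is visible.
function compareRenderers(posts = SAMPLE_POSTS) {
  return posts.map((post) => ({
    post,
    naive: renderUrlNaive(post),
    safe: renderUrlSafe(post),
  }));
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const row of compareRenderers()) {
    console.log(`input: ${row.post}`);
    console.log(`naive: ${row.naive}`);
    console.log(`safe:  ${row.safe}\n`);
  }
}
```

Run with `node` to see that the naive renderer turns the PoC into a live `javascript:` link while the hardened one emits only the text "title"; benign http(s) links survive, with `&` in the query string escaped in the attribute. The allowlist on the scheme is what matters: trying to blocklist `javascript:` instead is fragile, which is why the check only accepts what it expects.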