Scriptme products BBCode url XSS Vulnerability

Summary

Vulnerability: Scriptme products BBCode url XSS Vulnerability
Discovered: 2006.02.06
Last Update: 2006.02.16 Exploitation code published
ID: EV0065
CVE: CVE-2006-0661
Risk Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
Vendor: Scriptme (http://www.scriptme.com/)
Vulnerable Software: "SmE GB Host" "SmE Blog Host"
Version: n/a
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

Cross Site Scripting found in "SmE GB Host" "SmE Blog Host" script.

Arbitrary script code insertion is possible in BBcode [url] tag.

"SmE GB Host" 1.21 - vulnerable
"SmE Blog Host" - vulnerable

PoC/Exploit

BBCode Example:

[url=javascript:alert(123)]Click Me[/url]

Solution.

Solution for "Scriptme products BBCode url XSS Vulnerability" is not available. Check Scriptme website for updates.