XSS Vulnerability in Tag Board
Summary
- Vulnerability: XSS Vulnerability in Tag Board
- Discovered: 2006.08.21
- Last Update: 2006.08.31 Exploitation code published
- ID: EV0137
- CVE: n/a
- Risk Level: low
- Type: Cross Site Scripting
- Status: Unpatched. No reply from developer(s)
- Vendor: CloudNine Interactive (http://www.cloudnineinteractive.co.uk/)
- Vulnerable Software: Tag Board (http://www.cloudnineinteractive.co.uk/stuffforyou.htm)
- Version: 3.0
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
A Cross Site Scripting vulnerability was found in the Tag Board (http://www.cloudnineinteractive.co.uk/stuffforyou.htm) script.
Cross-Site Scripting.
Vulnerable Script: tag.php
The cjmsg parameter is not properly sanitized. This can be used to post arbitrary HTML or web script code.
PoC/Exploit
Cross-Site Scripting Example.
URL: http://host/index.php
Message: [url=aaa.com" onmouseover="alert(123)" aa="]aaaa[/url]
Solution
A solution for "XSS Vulnerability in Tag Board" is not available. Check the CloudNine Interactive website for updates.
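The PoC message works when the URL part of a [url=...] tag is copied into an href attribute without escaping. The sketch below is an added example, not Tag Board's own code and not a vendor fix: it shows a naive conversion beside one that escapes the message and validates the URL. The function names and the regular expression are hypothetical, since the page does not show how tag.php parses cjmsg.

```php
<?php
// Added illustration, not Tag Board's code. Function names are hypothetical.

// Naive conversion: the URL part is copied into href="..." unescaped, so a
// double quote in the message closes the attribute and starts a new one.
function render_url_naive(string $msg): string
{
    return (string) preg_replace('#\[url=(.*?)\](.*?)\[/url\]#is',
                                 '<a href="$1">$2</a>', $msg);
}

// Hardened conversion: HTML-escape the whole message first, then rebuild
// links only from URLs that pass an http/https allow-list.
function render_url_safe(string $msg): string
{
    $escaped = htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return preg_replace_callback(
        '#\[url=(.*?)\](.*?)\[/url\]#is',
        function (array $m): string {
            // $m[1] (URL) and $m[2] (label) are already HTML-escaped here;
            // decode the URL only to validate it.
            $url = htmlspecialchars_decode($m[1], ENT_QUOTES);
            $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
            $clean = !preg_match('/[\s"\'<>]/', $url);
            if (!$clean || !in_array($scheme, ['http', 'https'], true)) {
                return $m[2]; // drop the link, keep the escaped label
            }
            return '<a href="' . $m[1] . '" rel="nofollow">' . $m[2] . '</a>';
        },
        $escaped
    ) ?? $escaped; // on a PCRE error fall back to the fully escaped text
}

// Message taken from the PoC on this page, plus a constructed benign link.
$poc  = '[url=aaa.com" onmouseover="alert(123)" aa="]aaaa[/url]';
$good = '[url=http://example.com/?a=1&b=2]link[/url]';

echo render_url_naive($poc), "\n";  // attribute breakout reaches the page
echo render_url_safe($poc), "\n";   // only the escaped label remains
echo render_url_safe($good), "\n";  // valid link, & encoded as &amp;
```

Escaping before tag conversion means any markup outside a [url] tag is also neutralized, so the link rebuild is the only place where HTML is emitted.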