Non-persistent XSS in WWWThreads (perl version)

Summary

Vulnerability: Non-persistent XSS in WWWThreads (perl version)
Discovered: 2010.11.28
Last Update: n/a n/a
ID: EV0157
CVE: n/a
Risk Level: low
Type: Cross Site Scripting
Status: Unpatched. Vendor notified. No reply from developer(s).
Vendor: WWWThreads (http://www.wwwthreads.com/)
Vulnerable Software: WWWThreads (perl version)
Version: v5.0.8 Pro (perl version)
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

A cross-site scripting vulnerability was found in the WWWThreads (perl version) script.

Non-persistent XSS
It is possible to inject XSS code through the view parameter of the showflat.pl script.

The view parameter is not sanitized before being used in HTML code.

PoC/Exploit

Non-persistent XSS Example.

XSS example: http://website/cgi-bin/forum/showflat.pl?Cat=&Board=forum&Number=111&page=0&view="<XSS>expanded&sb=1&part=all&vc=1

Solution.

A solution for "Non-persistent XSS in WWWThreads (perl version)" is not available. Check the WWWThreads website for updates.
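
One way to handle the view parameter safely while no vendor fix exists, shown as an added example that is not WWWThreads code and not part of the original advisory: validate the value against an allowlist and HTML-escape it on output. The render_* subs, the link markup and the "collapsed" mode are assumptions, since the advisory does not show the source of showflat.pl.

```perl
use strict;
use warnings;

# Hypothetical stand-in for how showflat.pl might echo "view" into a link;
# the real WWWThreads source is not shown in the advisory.
sub render_unsafe {
    my ($view) = @_;
    return qq{<a href="showflat.pl?view=$view&sb=1">Next page</a>};
}

# Escape the five characters that are significant in HTML text and attributes.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Allowlist of display modes. "expanded" appears in the advisory's URL;
# "collapsed" is an assumed second mode.
my %VALID_VIEW = map { $_ => 1 } qw(expanded collapsed);

sub render_safe {
    my ($view) = @_;
    # Fall back to a known mode for anything outside the allowlist,
    # then escape on output anyway as a second layer.
    $view = 'expanded' unless defined $view && $VALID_VIEW{$view};
    return '<a href="showflat.pl?view=' . html_escape($view) . '&amp;sb=1">Next page</a>';
}

# Minimal query-string parser for the demo (percent-decoding included).
sub parse_query {
    my ($qs) = @_;
    my %p;
    for my $pair (split /&/, $qs) {
        # The trailing '' values supply defaults when a key or value is missing.
        my ($k, $v) = (split(/=/, $pair, 2), '', '');
        for ($k, $v) { tr/+/ /; s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge; }
        $p{$k} = $v;
    }
    return %p;
}

# Constructed input: the query string from the advisory's example URL.
my $qs = 'Cat=&Board=forum&Number=111&page=0&view="<XSS>expanded&sb=1&part=all&vc=1';
my %param = parse_query($qs);
print "unsafe:  ", render_unsafe($param{view}), "\n";
print "escaped: ", html_escape($param{view}), "\n";
print "safe:    ", render_safe($param{view}), "\n";
```

In the unsafe output the double quote closes the href attribute early and the placeholder tag lands in the page as markup; the safe renderer emits only an allowlisted value.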
