BBCode CSS XSS in slickMsg
- BBCode CSS XSS in slickMsg
- Last Update
- n/a n/a
- Risk Level
- Cross Site Scripting
- Unpatched. Vendor notified. No reply from developer(s).
- Vulnerable Software
- slickMsg (http://slickmsg.sourceforge.net/)
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Cross Site Scripting found in slickMsg (http://slickmsg.sourceforge.net/) script.
- CSS XSS in BBcode
- It is possible to inject XSS code (expression) into CSS style of size and color bbcodes.
size and color values are not properly sanitized before being used in CSS code.
Note: works in MS IE
CSS XSS in BBcodes examples
XSS example 1: [size=expression(alert(123))]size[/size]
XSS example 2: [color=expression(alert(456))]blue[/color]
Solution for "BBCode CSS XSS in slickMsg" is not available. Check vendor's website for updates.
Order PHP Code Review made by eVuln
Prevent hacking by source code review of your website done by Aliaksandr Hartsuyeu.The order will be done by experts in web security.