BBCode CSS XSS in slickMsg

Summary

Vulnerability
BBCode CSS XSS in slickMsg
Discovered
2010.12.03
Last Update
n/a n/a
ID
EV0162
CVE
n/a
Risk Level
low
Type
Cross Site Scripting
Status
Unpatched. Vendor notified. No reply from developer(s).
Vendor
n/a
Vulnerable Software
slickMsg (http://slickmsg.sourceforge.net/)
Version
0.7-alpha
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

Cross Site Scripting found in slickMsg (http://slickmsg.sourceforge.net/) script.

CSS XSS in BBcode
It is possible to inject XSS code (expression) into CSS style of size and color bbcodes.

size and color values are not properly sanitized before being used in CSS code.

Note: works in MS IE

PoC/Exploit

CSS XSS in BBcodes examples

XSS example 1: [size=expression(alert(123))]size[/size]

XSS example 2: [color=expression(alert(456))]blue[/color]

Solution.

Solution for "BBCode CSS XSS in slickMsg" is not available. Check vendor's website for updates.