BBcode XSS Vulnerability in NavBoard
- BBcode XSS Vulnerability in NavBoard
- Last Update
- 0 n/a
- Risk Level
- Cross Site Scripting
- NavBoard (http://navarone.f2o.org/)
- Vulnerable Software
- NavBoard (http://sourceforge.net/projects/navboard/)
- checked: V16 Stable(2.6.0) and V17beta2
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Cross Site Scripting found in NavBoard (http://sourceforge.net/projects/navboard/) script.
Arbitrary script code insertion is possible in BBcode.
Vulnerable Script: post.php
BBcode isn't properly sanitized. This can be used to post arbitrary script code which will be executed in the browser of every visitor.
Administrator's cookie-based authentication is threatened.
Login and plain text Password are stored in Cookies.
Administrator can modify PHP Code from Administrator's panel.
For V16(2.6.0) and V17beta2
No vendor-provided patch availabve.
Solution: disable BBcode
Order Source Code Audit made by eVuln team
Prevent hacking by source code analysis of your website or web application made by our team.The order will be done by experts in web security.