JavaScript Insertion Vulnerability in Bit 5 Blog

Summary

Vulnerability: JavaScript Insertion Vulnerability in Bit 5 Blog
Discovered: 2006.01.14
Last Update: 0 n/a
ID: EV0032
CVE: CVE-2006-0361
Risk Level: low
Type: Cross Site Scripting
Status: Unpatched
Vendor: n/a
Vulnerable Software: Bit 5 Blog (http://bit5blog.sourceforge.net/)
Version: 8.01
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

A cross-site scripting vulnerability was found in the Bit 5 Blog (http://bit5blog.sourceforge.net/) script.

Arbitrary script code insertion is possible in BBcode.

Vulnerable Script: addcomment.php
Variable: $comment

The <a> tag isn't properly sanitized, so a comment can carry a link whose href uses the javascript: scheme (see the example below). This can be used to post arbitrary script code.

PoC/Exploit

Example:

<a href=javascript:alert(123)>clickme</a>

Solution

A solution for "JavaScript Insertion Vulnerability in Bit 5 Blog" is not available. Check the vendor's website for updates.
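
With no vendor fix available, one way to neutralize this class of input when a comment is rendered is to escape the whole comment and re-enable links only for allow-listed URL schemes. This is an added example, not Bit 5 Blog code and not part of the original advisory; the function names, the [url=...] BBcode syntax and the sample comments are assumptions.

```php
<?php
// Added example, not Bit 5 Blog code. safe_href(), render_comment() and the
// [url=...]text[/url] BBcode syntax are assumptions made for illustration.
const ESC = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
const ALLOWED_SCHEMES = ['http', 'https'];

/** Return the URL if its scheme is allow-listed, otherwise null. */
function safe_href(string $url): ?string
{
    // The URL arrives HTML-escaped; decode once to inspect the real value.
    $url = html_entity_decode($url, ESC, 'UTF-8');
    // Browsers ignore control characters and whitespace around and inside a
    // scheme ("java\tscript:"), so strip them before looking at it.
    $url = preg_replace('/[\x00-\x20\x7F]+/', '', $url);
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)) {
        return null; // no recognizable scheme: reject rather than guess
    }
    return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true) ? $url : null;
}

/** Escape the whole comment, then re-enable only vetted [url] links. */
function render_comment(string $comment): string
{
    // Raw HTML such as <a href=...> becomes inert text at this point.
    $html = htmlspecialchars($comment, ESC, 'UTF-8');
    return preg_replace_callback(
        '/\[url=([^\]\s]+)\](.+?)\[\/url\]/is',
        function (array $m): string {
            $href = safe_href($m[1]);
            if ($href === null) {
                return $m[2]; // drop the link, keep the already escaped text
            }
            return '<a href="' . htmlspecialchars($href, ESC, 'UTF-8')
                 . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $html
    );
}

// Constructed sample comments: the advisory's example, the same scheme
// inside BBcode, and a legitimate link.
$samples = [
    '<a href=javascript:alert(123)>clickme</a>',
    '[url=javascript:alert(123)]clickme[/url]',
    '[url=https://example.org/post?id=1]read[/url]',
];
foreach ($samples as $s) {
    echo render_comment($s), PHP_EOL;
}
```

Only the third sample is rendered as a link; the first is shown as escaped text and the second keeps its label without an anchor.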