JavaScript Insertion Vulnerability in Bit 5 Blog
Summary
- Vulnerability: JavaScript Insertion Vulnerability in Bit 5 Blog
- Discovered: 2006.01.14
- Last Update: 0 n/a
- ID: EV0032
- CVE: CVE-2006-0361
- Risk Level: low
- Type: Cross Site Scripting
- Status: Unpatched
- Vendor: n/a
- Vulnerable Software: Bit 5 Blog (http://bit5blog.sourceforge.net/)
- Version: 8.01
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
A cross-site scripting vulnerability was found in the Bit 5 Blog (http://bit5blog.sourceforge.net/) script.
Arbitrary script code can be inserted through BBcode.
Vulnerable Script: addcomment.php
Variable: $comment
The <a> tag isn't properly sanitized. This can be used to post arbitrary script code.
PoC/Exploit
Example:
<a href=javascript:alert(123)>clickme</a>
Solution
A solution for "JavaScript Insertion Vulnerability in Bit 5 Blog" is not available. Check the vendor's website for updates.
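One way a comment handler can neutralise this class of input, shown as an added example that is not Bit 5 Blog code or a vendor patch: escape the whole comment, then rebuild links only from BBcode whose URL scheme is on an allowlist. The function names render_comment() and is_safe_link() and the [url=...]text[/url] syntax are assumptions, since the advisory does not show the source of addcomment.php.

```php
<?php
// Added example, not Bit 5 Blog code: render_comment(), is_safe_link() and the
// [url=...]text[/url] syntax are assumptions made for illustration.

const ALLOWED_SCHEMES = ['http', 'https'];

function is_safe_link(string $url): bool
{
    // Reject whitespace and control characters rather than normalising them;
    // browsers strip some of these when resolving a URL scheme.
    if (preg_match('/[\x00-\x20\x7f]/', $url)) {
        return false;
    }
    // Relative URLs have no scheme and are rejected as well.
    $scheme = parse_url($url, PHP_URL_SCHEME);
    return is_string($scheme)
        && in_array(strtolower($scheme), ALLOWED_SCHEMES, true);
}

function render_comment(string $comment): string
{
    // 1. Escape everything, so raw markup such as <a href=...> becomes text.
    $safe = htmlspecialchars($comment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Re-introduce links only from BBcode, and only for allowed schemes.
    $linked = preg_replace_callback(
        '~\[url=([^\]\s]+)\](.*?)\[/url\]~is',
        function (array $m): string {
            // Validate the decoded value; emit the escaped one inside quotes.
            $url = htmlspecialchars_decode($m[1], ENT_QUOTES);
            if (!is_safe_link($url)) {
                return $m[0]; // leave the tag as inert, already-escaped text
            }
            return '<a href="' . $m[1] . '" rel="nofollow">' . $m[2] . '</a>';
        },
        $safe
    );
    return $linked ?? $safe; // on a regex error, fall back to the escaped text
}

// Constructed sample comments, including the advisory's example string.
$samples = [
    '<a href=javascript:alert(123)>clickme</a>',
    '[url=javascript:alert(123)]clickme[/url]',
    '[url=https://example.com/?a=1&b=2]docs[/url]',
];
foreach ($samples as $s) {
    echo render_comment($s), PHP_EOL;
}
```

Only the third sample is rendered as a link; the first two come out as escaped text, so the javascript: URL never reaches an href attribute.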