my little homepage products [link] BBCode XSS

Summary

Vulnerability
my little homepage products [link] BBCode XSS
Discovered
2006.01.25
Last Update
0 n/a
ID
EV0051
CVE
CVE-2006-0471 CVE-2006-0472 CVE-2006-0473
Risk Level
low
Type
Cross Site Scripting
Status
Unpatched
Vendor
my little homepage (http://www.mylittlehomepage.net/)
Vulnerable Software
All products
Version
2004.04.20
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

Cross Site Scripting found in All products script.

Arbitrary script code insertion is possible in BBcode [link] tag of all "my little homepage" products:

my little weblog - vulnerable

my little guestbook - vulnerable

my little forum - vulnerable

Other products may be vulnerable too.

[link] tag isn't properly sanitized. This can be used to post arbitrary script code.

PoC/Exploit

BBCode Examples:

[link=javascript:alert(123)]Link[/link][link]javascript:alert(123)[/link]

Solution.

Solution for "my little homepage products [link] BBCode XSS" is not available. Check my little homepage website for updates.

Order Source Code Review made by eVuln

Prevent hacker attacks by source code review of your website made by eVuln team.The work will be done by specialists in website security.

Advisories by vuln type

Website Monitoring

Daily malware scanning. Allows to receive alerts about security problems in your website.
Details >>

Malicious redirects detected?

eVuln team will eliminate the reason, clean your website and monitor it.
Details >>

Website blacklisted?

eVuln team will clean your website, discover and fix security holes, remove from blacklists.
Details >>