my little homepage products [link] BBCode XSS
Summary
- Vulnerability
- my little homepage products [link] BBCode XSS
- Discovered
- 2006.01.25
- Last Update
- 0 n/a
- ID
- EV0051
- CVE
- CVE-2006-0471 CVE-2006-0472 CVE-2006-0473
- Risk Level
- low
- Type
- Cross Site Scripting
- Status
- Unpatched
- Vendor
- my little homepage (http://www.mylittlehomepage.net/)
- Vulnerable Software
- All products
- Version
- 2004.04.20
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
Cross Site Scripting found in All products script.
Arbitrary script code insertion is possible in BBcode [link] tag of all "my little homepage" products:
my little weblog - vulnerable
my little guestbook - vulnerable
my little forum - vulnerable
Other products may be vulnerable too.
[link] tag isn't properly sanitized. This can be used to post arbitrary script code.
PoC/Exploit
BBCode Examples:
[link=javascript:alert(123)]Link[/link][link]javascript:alert(123)[/link]
Solution.
Solution for "my little homepage products [link] BBCode XSS" is not available. Check my little homepage website for updates.