BBCode XSS Vulnerability in M. Blom HTML:BBCode
Summary
- Vulnerability: BBCode XSS Vulnerability in M. Blom HTML:BBCode
- Discovered: 2006.02.14
- Last Update: 2006.02.16 CVE entry added
- ID: EV0080
- CVE: CVE-2006-0735
- Risk Level: medium
- Type: Cross Site Scripting
- Status: Patched
- Vendor: n/a
- Vulnerable Software: M. Blom HTML:BBCode (http://menno.b10m.net/perl/)
- Version: 1.04, 1.03 and earlier
- PoC/Exploit: Available
- Solution: Available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
A cross-site scripting vulnerability was found in the M. Blom HTML:BBCode (http://menno.b10m.net/perl/) script.
Arbitrary script code can be inserted through the BBCode [url] and [img] tags.
Vulnerable script file: all scripts that use the HTML output.
PoC/Exploit
BBcode Cross-Site Scripting Examples:
[img]javascript:alert(123)[/img]
[url=javascript:alert(123)]Click me[/url]
Solution
The problem is fixed in version 1.05.
http://menno.b10m.net/perl/dists/HTML-BBCode-1.05.tar.gz
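The [url]/[img] issue described above, shown as a minimal renderer before and after adding a URL scheme allowlist. This is an added example in Python, not code from HTML:BBCode or its 1.05 fix; the function names, the regular expressions and the http/https allowlist are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # assumption: the only schemes the site needs
# Browsers strip leading control characters/spaces and ignore tabs and newlines
# inside a URL; removing all of them here is a conservative superset.
_IGNORED = re.compile(r"[\x00-\x20\x7f]")
URL_TAG = re.compile(r"\[url=(.*?)\](.*?)\[/url\]", re.I | re.S)
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.I | re.S)

def safe_url(raw):
    """Return the cleaned URL if its scheme is allowlisted, otherwise None."""
    url = _IGNORED.sub("", raw)
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:          # malformed URL, e.g. a broken IPv6 literal
        return None
    # Relative and scheme-less values have scheme "" and are rejected too.
    return url if scheme in ALLOWED_SCHEMES else None

def render_naive(text):
    """Before: the tag argument is copied into href/src unchecked."""
    text = URL_TAG.sub(r'<a href="\1">\2</a>', text)
    return IMG_TAG.sub(r'<img src="\1">', text)

def render_hardened(text):
    """After: escape all markup, then emit only allowlisted URLs."""
    text = html.escape(text, quote=True)      # BBCode brackets survive escaping

    def attr(value):
        # Validate the raw value, then re-escape it for the attribute context.
        url = safe_url(html.unescape(value))
        return None if url is None else html.escape(url, quote=True)

    def url_tag(m):
        href = attr(m.group(1))
        # Rejected target: drop the link but keep the visible label.
        return m.group(2) if href is None else '<a href="%s">%s</a>' % (href, m.group(2))

    def img_tag(m):
        src = attr(m.group(1))
        return "" if src is None else '<img src="%s" alt="">' % src

    return IMG_TAG.sub(img_tag, URL_TAG.sub(url_tag, text))

# Constructed sample input: the two examples from the PoC section plus one benign link.
SAMPLE = ("[img]javascript:alert(123)[/img] "
          "[url=javascript:alert(123)]Click me[/url] "
          "[url=http://example.com/]home[/url]")
```

`render_naive(SAMPLE)` carries both `javascript:` values into the markup, while `render_hardened(SAMPLE)` keeps only the label text and the http link.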