ForumKIT MEMBERS Parameter Cross-Site Scripting Vulnerability
BID:12256
Info
| Bugtraq ID: | 12256 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-0381 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 13 2005 12:00AM |
| Updated: | Jul 12 2009 09:27AM |
| Credit: | Discovery is credited to tom cruise <[email protected]>. |
| Vulnerable: | forumKIT forumKIT 1.0 |
| Not Vulnerable: | |
Discussion
forumKIT is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
The problem presents itself when malicious HTML and script code is sent to the application through the 'members' parameter.
This vulnerability has been reported to exist in forumKIT 1.0.
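The missing output encoding described above, modelled as an added example (not forumKIT code, whose source is not part of this record): it takes the 'members' value from the example URI listed under Exploit / POC, echoes it into an HTML attribute with and without encoding, and parses both results. The attribute context and the `TEMPLATE` markup are assumptions inferred from the `">` prefix of that URI; all function names are hypothetical.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote_plus, urlsplit

# The example URI from this advisory, with its HTML entities decoded.
SAMPLE_URI = 'http://www.example.com/f.aspx?members="><script>alert(document.cookie);</script>'
# Assumed reflection point: the value is echoed inside a quoted attribute.
TEMPLATE = '<input type="hidden" name="members" value="{}">'

def members_param(uri):
    """Return the URL-decoded 'members' query value, or '' if absent."""
    for pair in urlsplit(uri).query.split("&"):
        name, _, value = pair.partition("=")
        if name == "members":
            return unquote_plus(value)
    return ""

def render_vulnerable(value):
    # Raw interpolation: a '"' in the value closes the attribute early.
    return TEMPLATE.format(value)

def render_encoded(value):
    # Encode for the HTML attribute context: & < > " ' become entities.
    return TEMPLATE.format(html.escape(value, quote=True))

class TagCollector(HTMLParser):
    """Records every start tag and its attributes, as a browser would see them."""
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def parsed_tags(markup):
    """Parse rendered markup and return the list of (tag, attributes) found."""
    parser = TagCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags

if __name__ == "__main__":
    value = members_param(SAMPLE_URI)
    for render in (render_vulnerable, render_encoded):
        out = render(value)
        print(render.__name__, [tag for tag, _ in parsed_tags(out)], out)
```

With encoding applied, the parser sees a single `input` element whose `value` attribute round-trips to the original string, so the input is preserved as data instead of becoming markup.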
Exploit / POC
An exploit is not required.
An example URI sufficient to exploit this vulnerability was provided:
http://www.example.com/f.aspx?members="><script>alert(document.cookie);</script>
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- XSS Vulnerability in ForumKIT (tom cruise)