ExBB Nested BBcode Remote Script Injection Vulnerability
BID:12306
Info
| Bugtraq ID: | 12306 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 19 2005 12:00AM |
| Updated: | Jan 19 2005 12:00AM |
| Credit: | Discovery is credited to Algol. |
| Vulnerable: | ExBB ExBB 1.9.1 |
| Not Vulnerable: | |
Discussion
ExBB is reported prone to a script injection vulnerability. It is reported that nested BBCode is not sufficiently sanitized of malicious script content.
Injected code may be rendered in the Web browser of a user who views vulnerable areas of the site. This would occur in the security context of the site hosting ExBB.
ExBB 1.9.1 is reported vulnerable; however, other versions may be affected as well.
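As an added illustration of the mitigation for this class of issue (not ExBB's code and not part of the original advisory), the following Python sketch renders BBCode with a single-pass tokenizer that never treats a tag nested inside another tag's argument as markup, and escapes everything else. The tag allowlist, the `[url=...]` form, and the name `render_bbcode` are assumptions chosen for the example.

```python
import html
import re

# Tag token: [name], [name=value] or [/name]. The value may not contain
# brackets, so a tag nested inside another tag's argument is never markup.
TOKEN = re.compile(r"\[(/?)([a-z]+)(?:=([^\[\]]*))?\]", re.IGNORECASE)
SIMPLE = {"b": "strong", "i": "em", "u": "u"}           # assumed allowlist
SAFE_URL = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def _close(name):
    return "</a>" if name == "url" else "</%s>" % SIMPLE[name]

def render_bbcode(text):
    """Return HTML for text; anything not on the allowlist stays literal."""
    out, stack, pos = [], [], 0
    for m in TOKEN.finditer(text):
        out.append(html.escape(text[pos:m.start()]))    # plain text is escaped
        pos = m.end()
        closing, name, arg = m.group(1), m.group(2).lower(), m.group(3)
        if not closing and name in SIMPLE and arg is None:
            stack.append(name)
            out.append("<%s>" % SIMPLE[name])
        elif not closing and name == "url" and arg and SAFE_URL.fullmatch(arg):
            stack.append(name)
            out.append('<a href="%s" rel="nofollow">' % html.escape(arg))
        elif closing and arg is None and stack and stack[-1] == name:
            out.append(_close(stack.pop()))
        else:
            out.append(html.escape(m.group(0)))         # malformed: literal text
    out.append(html.escape(text[pos:]))
    while stack:                                        # keep markup balanced
        out.append(_close(stack.pop()))
    return "".join(out)

if __name__ == "__main__":
    # Constructed sample posts, not taken from the advisory.
    for post in ("[b]bold [i]both[/i][/b]",
                 "[url=http://example.test/[b]x[/b]]link[/url]",
                 '[url=http://example.test/"x]hi[/url]'):
        print(render_bbcode(post))
```

Because attribute values are validated and escaped at output time rather than by successive regex substitutions over already-generated HTML, one tag's expansion cannot land inside another tag's attribute.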
Exploit / POC
An exploit is not required.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].