MercuryBoard Title Field HTML Injection Vulnerability
BID:12872
Info
| Bugtraq ID: | 12872 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-0878 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 23 2005 12:00AM |
| Updated: | Jul 12 2009 05:56PM |
| Credit: | Discovery is credited to Secunia Research. |
| Vulnerable: | MercuryBoard Message Board 1.1.2, MercuryBoard Message Board 1.1.1, MercuryBoard Message Board 1.1, MercuryBoard Message Board 1.0.2, MercuryBoard Message Board 1.0.1, MercuryBoard Message Board 1.0 |
| Not Vulnerable: | MercuryBoard Message Board 1.1.3 |
Discussion
MercuryBoard is affected by an HTML injection vulnerability.
The issue affects the 'title' field of a private message (PM) sent to a user. It may be exploited to execute arbitrary HTML and script code in the recipient's browser when the PM is viewed.
MercuryBoard 1.1.2 is affected by this issue. It is likely that this issue affects prior versions as well.
Exploit / POC
An exploit is not required to leverage this issue.
Solution / Fix
Solution:
The vendor has released MercuryBoard 1.1.3 to address this issue.
MercuryBoard Message Board 1.0
- MercuryBoard MercuryBoard 1.1.3: http://www.mercuryboard.com/index.php?a=downloads

MercuryBoard Message Board 1.0.1
- MercuryBoard MercuryBoard 1.1.3: http://www.mercuryboard.com/index.php?a=downloads

MercuryBoard Message Board 1.0.2
- MercuryBoard MercuryBoard 1.1.3: http://www.mercuryboard.com/index.php?a=downloads

MercuryBoard Message Board 1.1
- MercuryBoard MercuryBoard 1.1.3: http://www.mercuryboard.com/index.php?a=downloads

MercuryBoard Message Board 1.1.1
- MercuryBoard MercuryBoard 1.1.3: http://www.mercuryboard.com/index.php?a=downloads

MercuryBoard Message Board 1.1.2
- MercuryBoard MercuryBoard 1.1.3: http://www.mercuryboard.com/index.php?a=downloads
References
- MercuryBoard Home Page (MercuryBoard)
- MercuryBoard "title" Script Insertion Vulnerability (Secunia)