ASP-DEV XM Forum IMG Tag Script Injection Vulnerability
BID:12958
Info
ASP-DEV XM Forum IMG Tag Script Injection Vulnerability
| Bugtraq ID: | 12958 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-1008 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 31 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | Discovery is credited to Zinho <[email protected]>. |
| Vulnerable: |
ASP-DEV XM Forum RC3 |
| Not Vulnerable: | |
Discussion
ASP-DEV XM Forum IMG Tag Script Injection Vulnerability
XM Forum is reported prone to a script injection vulnerability.
An attacker can supply arbitrary HTML and script code through the BBCode IMG tag to trigger this issue and execute arbitrary script code in a user's browser.
XM Forum RC3 is reported vulnerable. It is possible that other versions are affected as well.
XM Forum is reported prone to a script injection vulnerability.
An attacker can supply arbitrary HTML and script code through the BBCode IMG tag to trigger this issue and execute arbitrary script code in a user's browser.
XM Forum RC3 is reported vulnerable. It is possible that other versions are affected as well.
Exploit / POC
ASP-DEV XM Forum IMG Tag Script Injection Vulnerability
An exploit is not required.
The following example is available:
[IMG]javasc+ript:alert(document.cookie)[/IMG]
An exploit is not required.
The following example is available:
[IMG]javasc+ript:alert(document.cookie)[/IMG]
Solution / Fix
ASP-DEV XM Forum IMG Tag Script Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.