Yet Another Forum.Net Input Validation Vulnerabilities

Bugtraq ID:	12975
Class:	Input Validation Error
CVE:	CVE-2005-0982
Remote:	Yes
Local:	No
Published:	Apr 02 2005 12:00AM
Updated:	Jul 12 2009 11:56AM
Credit:	Announced by Maty Siman <maty@..>.
Vulnerable:	Bjornar Henden Yet Another Forum.Net 0.9.9
Not Vulnerable:

Yet Another Forum.Net Input Validation Vulnerabilities

Several input validation vulnerability reportedly exist in Yet Another Forum.Net. It may be possible to embed HTML content in various input fields that will be output to other users. The "name", "location" and "subject" fields were listed as affected.

Yet Another Forum.Net Input Validation Vulnerabilities

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Yet Another Forum.Net Input Validation Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Yet Another Forum.Net Input Validation Vulnerabilities

References:

• Yet Another Forum.Net (Bjornar Henden )
  
• Yet Another Forum.net XSS vulnerabilities (maty siman )