SCSSBoard URL Tag Script Injection Vulnerability
BID:13041
Info
SCSSBoard URL Tag Script Injection Vulnerability
| Bugtraq ID: | 13041 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-1068 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 06 2005 12:00AM |
| Updated: | Jul 12 2009 11:57AM |
| Credit: | This vulnerability was announced by the vendor. |
| Vulnerable: |
sCssBoard sCssBoard 1.11 sCssBoard sCssBoard 1.1 sCssBoard sCssBoard 1.0 |
| Not Vulnerable: |
sCssBoard sCssBoard 1.12 |
Discussion
SCSSBoard URL Tag Script Injection Vulnerability
sCssBoard is affected by a script injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
An attacker can supply arbitrary javascript code through the BBCode URL tag to trigger this issue and execute arbitrary script code in a user's browser.
sCssBoard is affected by a script injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
An attacker can supply arbitrary javascript code through the BBCode URL tag to trigger this issue and execute arbitrary script code in a user's browser.
Exploit / POC
SCSSBoard URL Tag Script Injection Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
SCSSBoard URL Tag Script Injection Vulnerability
Solution:
The vendor has addressed this issue in sCssBoard version 1.12 and later.
sCssBoard sCssBoard 1.0
sCssBoard sCssBoard 1.1
sCssBoard sCssBoard 1.11
Solution:
The vendor has addressed this issue in sCssBoard version 1.12 and later.
sCssBoard sCssBoard 1.0
-
sCssBoard scssboard-1.12.zip
http://prdownloads.sourceforge.net/scssboard/scssboard-1.12.zip?downlo ad
sCssBoard sCssBoard 1.1
-
sCssBoard scssboard-1.12.zip
http://prdownloads.sourceforge.net/scssboard/scssboard-1.12.zip?downlo ad
sCssBoard sCssBoard 1.11
-
sCssBoard scssboard-1.12.zip
http://prdownloads.sourceforge.net/scssboard/scssboard-1.12.zip?downlo ad
References
SCSSBoard URL Tag Script Injection Vulnerability
References:
References:
- sCssBoard Changelog (sCssBoard)
- sCssBoard Homepage (sCssBoard)