BirdBlog BB Code HTML Injection Vulnerability
BID:13520
Info
| Bugtraq ID: | 13520 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 05 2005 12:00AM |
| Updated: | May 05 2005 12:00AM |
| Credit: | Announced by the vendor. |
| Vulnerable: | BirdBlog BirdBlog 1.3 .0, BirdBlog BirdBlog 1.2.1, BirdBlog BirdBlog 1.2 .0, BirdBlog BirdBlog 1.1 .0, BirdBlog BirdBlog 1.0 .0 |
| Not Vulnerable: | BirdBlog BirdBlog 1.3.1 |
Discussion
BirdBlog is prone to an HTML injection vulnerability. BB code is not properly sanitized before being rendered as content.
HTML injection may allow for theft of cookie-based authentication credentials or other attacks.
This issue was addressed in BirdBlog 1.3.1; all earlier versions are likely affected.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
This issue was addressed in BirdBlog 1.3.1.
BirdBlog BirdBlog 1.0 .0
- BirdBlog birdblog_1-3-1
  http://sourceforge.net/project/showfiles.php?group_id=130283&package_id=142828&release_id=324788
BirdBlog BirdBlog 1.1 .0
- BirdBlog birdblog_1-3-1
  http://sourceforge.net/project/showfiles.php?group_id=130283&package_id=142828&release_id=324788
BirdBlog BirdBlog 1.2 .0
- BirdBlog birdblog_1-3-1
  http://sourceforge.net/project/showfiles.php?group_id=130283&package_id=142828&release_id=324788
BirdBlog BirdBlog 1.2.1
- BirdBlog birdblog_1-3-1
  http://sourceforge.net/project/showfiles.php?group_id=130283&package_id=142828&release_id=324788
BirdBlog BirdBlog 1.3 .0
References
References:
- BirdBlog Changelog (BirdBlog)
- BirdBlog Homepage (BirdBlog)