XMB Forum Flash Video Cross-Site Scripting Vulnerability

Bugtraq ID:	17445
Class:	Input Validation Error
CVE:	CVE-2006-1748
Remote:	Yes
Local:	No
Published:	Apr 10 2006 12:00AM
Updated:	Sep 10 2008 09:00PM
Credit:	[email protected] is credited with the discovery of this vulnerability.
Vulnerable:	XMB Forum 1.9.8 SP2 XMB Forum 1.9.8 XMB Forum 1.9.6 Final XMB Forum 1.9.6 XMB Forum 1.9.5 Final XMB Forum 1.9.3 XMB Forum 1.9.2 XMB Forum 1.9.1 XMB Forum 1.9 beta XMB Forum 1.9 XMB Forum 1.8 SP3 XMB Forum 1.8 SP2 XMB Forum 1.8 SP1 XMB Forum 1.8
Not Vulnerable:	XMB Forum 1.9.10

XMB Forum Flash Video Cross-Site Scripting Vulnerability

XMB Forum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

XMB Forum Flash Video Cross-Site Scripting Vulnerability

This issue can be exploited through a web client.

XMB Forum Flash Video Cross-Site Scripting Vulnerability

Solution:
A vendor update is available. Contact the vendor for more information.

XMB Forum Flash Video Cross-Site Scripting Vulnerability

References:

• Summary of Official Vendor Statements (XMB)
  
• XMB Forum Home Page (The XMB Group)