JSBoard Login.PHP Cross-Site Scripting Vulnerability

Bugtraq ID:	17778
Class:	Input Validation Error
CVE:	CVE-2006-2109
Remote:	Yes
Local:	No
Published:	May 02 2006 12:00AM
Updated:	Jul 12 2009 05:56PM
Credit:	Alexander Klink is credited with the discovery of this vulnerability.
Vulnerable:	JSBoard JSBoard 2.0.11 JSBoard JSBoard 2.0.10
Not Vulnerable:	JSBoard JSBoard 2.0.12

JSBoard Login.PHP Cross-Site Scripting Vulnerability

JSBoard is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

JSBoard Login.PHP Cross-Site Scripting Vulnerability

This issue can be exploited through a web client.

The following proof-of-concept URI is available:

• /data/vulnerabilities/exploits/jsboard-lt2.0.12-xss.txt

JSBoard Login.PHP Cross-Site Scripting Vulnerability

Solution:
The vendor has released version 2.0.12 to address this issue.


JSBoard JSBoard 2.0.10

• JSBoard jsboard-2.0.12.tar.gz
  http://kldp.net/frs/download.php/3344/jsboard-2.0.12.tar.gz

JSBoard JSBoard 2.0.11

• JSBoard jsboard-2.0.12.tar.gz
  http://kldp.net/frs/download.php/3344/jsboard-2.0.12.tar.gz

JSBoard Login.PHP Cross-Site Scripting Vulnerability

References:

• JSBoard Product Page (JSBoard)
  
• JSBoard XSS vulnerability (Alexander Klink )