GrimBB Multiple Unspecified Cross-Site Scripting Vulnerabilities

Bugtraq ID:	21243
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Nov 22 2006 12:00AM
Updated:	Nov 24 2006 06:50PM
Credit:	The vendor reported these vulnerabilities.
Vulnerable:	GrimBB GrimBB 2006-11-17
Not Vulnerable:	GrimBB GrimBB 2006-11-21

GrimBB Multiple Unspecified Cross-Site Scripting Vulnerabilities

GrimBB is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

GrimBB versions prior to 2006-11-21 are vulnerable to these issues.

GrimBB Multiple Unspecified Cross-Site Scripting Vulnerabilities

To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI.

GrimBB Multiple Unspecified Cross-Site Scripting Vulnerabilities

Solution:
The vendor has released an upgrade to address these issues. Please see the references for more information.

GrimBB Multiple Unspecified Cross-Site Scripting Vulnerabilities

References:

• GrimBB Home Page (GrimBB)
  
• Release Name: grimbb_2006_11_21 (GrimBB)