OvBB HTML Injection Vulnerability
BID:21866
Info
| Bugtraq ID: | 21866 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 04 2007 12:00AM |
| Updated: | Jan 04 2007 12:00AM |
| Credit: | This vulnerability was reported by the vendor. |
| Vulnerable: | OvBB OvBB 0.8 a; OvBB OvBB 0.7 a; OvBB OvBB 0.6 a; OvBB OvBB 0.5 a; OvBB OvBB 0.4 a; OvBB OvBB 0.3 a; OvBB OvBB 0.2 a; OvBB OvBB 0.1 a |
| Not Vulnerable: | OvBB OvBB 0.14a |
Discussion
OvBB is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in the 'online.php' script.
Attacker-supplied HTML and script code may run in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
Versions prior to 0.14a are vulnerable to this issue.
Exploit / POC
An attacker can exploit this issue using a web browser.
Solution / Fix
Solution:
The vendor has released version 0.14a to address this issue. Please see the vendor reference for information on affected versions and available updates.