by r0t,der4444,cembo,VietMafia

Wednesday, November 23, 2005

sCssBoard XSS vuln in search param.

Vuln. discovered by: r0t
Date: 24 Nov. 2005
Vendor: http://scssboard.if-hosting.com/wiki/index.php/Main_Page
Affected version: Tested on sCssBoard 1.2 and 1.12; it can also work in prior versions.

Vuln. description:
Input passed to a parameter in the sCssBoard search module isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Solution:
Edit the source code to ensure that input is properly sanitised.
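
As an added example (not sCssBoard code and not from the advisory's authors), one way to apply this in PHP is to encode the search term at every point where it is written back into the page. The parameter name `search_term`, the page `search.php` and the helper names are hypothetical, and the mbstring extension is assumed.

```php
<?php
declare(strict_types=1);

// Unsafe pattern this replaces (input echoed back unencoded):
//   echo 'Results for ' . $_GET['search_term'];

/** Encode untrusted text for HTML element content and quoted attribute values. */
function h(string $s): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of returning an empty string.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Normalise the raw term: must be a string, no control characters, bounded length. */
function normalise_term($raw, int $maxLen = 100): string
{
    if (!is_string($raw)) {           // e.g. ?search_term[]=x arrives as an array
        return '';
    }
    // preg_replace returns null on invalid UTF-8 with /u; treat that as empty.
    $term = preg_replace('/[\x00-\x1F\x7F]/u', '', $raw) ?? '';
    return mb_substr(trim($term), 0, $maxLen, 'UTF-8');
}

/** Build the three places a search page typically reflects the term. */
function render_search_header(string $term): string
{
    // URL context: http_build_query percent-encodes the value; the finished
    // URL is then HTML-encoded because it is placed inside an attribute.
    $next = 'search.php?' . http_build_query(['search_term' => $term, 'page' => 2]);

    return '<h2>Results for "' . h($term) . '"</h2>' . "\n"                       // element content
         . '<input type="text" name="search_term" value="' . h($term) . '">' . "\n" // attribute value
         . '<a href="' . h($next) . '">Next page</a>' . "\n";                       // link
}

// Constructed sample input containing markup and an attribute-breaking quote.
$sample = '"><b>test</b>';
echo render_search_header(normalise_term($sample));
```

Encoding is applied at output time, per context, so the stored or searched value itself is left unchanged.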

Copyright (c) 2006 Pridels Sec Crew