Bugtraq mailing list archives
XMB cross-scripting vulnerability
From: skizzik () imail ru
Date: Fri, 22 Feb 2002 17:00:58 +0300
XMB is a PHP-based forum. This product contains a Cross Site Scripting vulnerability that allows attackers to insert JavaScript code (and other HTML code) into existing messages, bypassing the internal JavaScript/HTML code stripper.

Exploit: [img]javasCript:alert('Hello world.')[/img]

Vulnerable systems: All versions of XMB board, including the last version - XMB 1.6x Magic Lantern

Immune systems: None

Possible solution: Searching the image URL for the text "javascript:" should solve the problem

SliderGod.
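
The fix suggested in the post, taken one step further, as an added example that is not part of the original post and is not XMB code: a case-sensitive search for "javascript:" would miss the mixed-case javasCript: used in the post, so the [img] URL is checked against an allow-list of schemes instead. The function names is_safe_image_url and render_img_tags and the forum.example URL are assumptions made for the illustration.

```php
<?php
// Added example, not XMB code. Function names are hypothetical.

// Accept only absolute http(s) URLs. An allow-list does not depend on
// spotting every spelling of "javascript:" the way a substring search does.
function is_safe_image_url(string $url): bool
{
    // Reject whitespace, control characters and HTML metacharacters outright.
    if (preg_match('/[\x00-\x20\x7f"\'<>]/', $url)) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    // Scheme comparison is case-insensitive, so "javasCript" gets no special path.
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true);
}

// Convert [img]...[/img] to <img> only when the URL passes the check.
function render_img_tags(string $post): string
{
    // Escape the whole post first so no raw HTML from the user survives.
    $escaped = htmlspecialchars($post, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback(
        '/\[img\](.*?)\[\/img\]/is',
        function (array $m): string {
            // Undo the escaping to validate the URL as the user typed it.
            $url = htmlspecialchars_decode($m[1], ENT_QUOTES);
            if (!is_safe_image_url($url)) {
                return $m[0]; // rejected: stays as inert, escaped text
            }
            return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
        },
        $escaped
    );
}

$samples = [
    "[img]javasCript:alert('Hello world.')[/img]", // string quoted in the post
    "[img]https://forum.example/avatar.png[/img]", // constructed benign URL
];
foreach ($samples as $sample) {
    echo render_img_tags($sample), "\n";
}
```

The first sample is emitted as escaped text with no <img> element; only the second becomes an image tag.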