Bugtraq mailing list archives
WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability (24.04.05)
From: <admin () batznet com>
Date: 24 Apr 2005 15:29:20 -0000
WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability Vendor: WoltLab URL: http://www.woltlab.de/ Version: <= 2.3.1 PL 2 Type: XSS Discovered by [R] and deluxe89 Description: -------------------------------- The WoltLab Burning Board is a high customisable forum software for every kind of use. See [1] for a detailed description. Cross Site Scripting: -------------------------------- It's possible to inject malicious code in the "folderid"-variable in pms.php. /pms.php?folderid=[XSS] Patch: -------------------------------- There isn't a patch from the vendor, but you can use htmlspecialchars() to fix it. Visit -------------------------------- http://www.batznet.com/ http://www.security-project.org/ Vendor contacted. Greetz to 2lm, reddi, EaTh, Madinfect and darkkilla [1] http://www.woltlab.de/products/burning_board/index_en.php
Current thread:
- WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability (24.04.05) admin (Apr 25)