lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050424152920.27869.qmail@www.securityfocus.com> Date: 24 Apr 2005 15:29:20 -0000 From: <admin@...znet.com> To: bugtraq@...urityfocus.com Subject: WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability (24.04.05) WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability Vendor: WoltLab URL: http://www.woltlab.de/ Version: <= 2.3.1 PL 2 Type: XSS Discovered by [R] and deluxe89 Description: -------------------------------- The WoltLab Burning Board is a high customisable forum software for every kind of use. See [1] for a detailed description. Cross Site Scripting: -------------------------------- It's possible to inject malicious code in the "folderid"-variable in pms.php. /pms.php?folderid=[XSS] Patch: -------------------------------- There isn't a patch from the vendor, but you can use htmlspecialchars() to fix it. Visit -------------------------------- http://www.batznet.com/ http://www.security-project.org/ Vendor contacted. Greetz to 2lm, reddi, EaTh, Madinfect and darkkilla [1] http://www.woltlab.de/products/burning_board/index_en.php
Powered by blists - more mailing lists