
XMB cross-scripting vulnerability
25th Feb 2002 [SBWID-5137]
COMMAND

	XMB cross-scripting vulnerability

SYSTEMS AFFECTED

	All versions of the XMB board, including the last version, XMB 1.6x
	Magic Lantern

	

PROBLEM

	SliderGod posted:

	XMB is a php-based forum. This product contains a Cross  Site  Scripting
	vulnerability that allows  attackers  to  insert  JavaScript  code  (and
	other  HTML  code)  into  existing  messages,  bypassing  the   internal
	JavaScript/HTML code stripper.
	

	Exploit:
	=======

	[img]javasCript:alert('Hello world.')[/img]

	

SOLUTION

	Searching the image URL for the text "javascript:"  should  solve  the
	problem.
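
An added example (not from the original advisory and not XMB's own code) of the check described above, written in PHP because XMB is PHP-based. It shows that a case-sensitive search misses the page's `javasCript:` payload, that a case-insensitive search catches it, and, as a generalization beyond the advisory, a stricter http/https allowlist; all function names are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not XMB's own code.

// A case-sensitive search does not match "javasCript:", so the page's
// payload passes this check.
function naive_img_ok(string $url): bool {
    return strpos($url, 'javascript:') === false;
}

// The advisory's suggested search, done case-insensitively.
function blocklist_img_ok(string $url): bool {
    return stripos($url, 'javascript:') === false;
}

// Stricter variant (assumption: only remote images are wanted): accept
// absolute http/https URLs with no whitespace, control characters,
// quotes or angle brackets.
function allowlist_img_ok(string $url): bool {
    if (preg_match('/[\x00-\x20\x7f"\'<>]/', $url)) {
        return false;
    }
    return preg_match('#^https?://[^/]+#i', $url) === 1;
}

// Render [img]...[/img]; a rejected URL is emitted as escaped text only.
function render_img(string $post): string {
    return preg_replace_callback(
        '#\[img\](.*?)\[/img\]#is',
        function (array $m): string {
            $safe = htmlspecialchars($m[1], ENT_QUOTES, 'UTF-8');
            return allowlist_img_ok($m[1])
                ? '<img src="' . $safe . '" alt="">'
                : '[img]' . $safe . '[/img]';
        },
        $post
    );
}

// Constructed sample input: the page's payload and a benign URL.
$samples = [
    "[img]javasCript:alert('Hello world.')[/img]",
    '[img]http://example.com/a.png[/img]',
];
foreach ($samples as $s) {
    preg_match('#\[img\](.*?)\[/img\]#is', $s, $m);
    printf("%-34s naive=%d blocklist=%d allowlist=%d\n", $m[1],
        naive_img_ok($m[1]), blocklist_img_ok($m[1]), allowlist_img_ok($m[1]));
    echo render_img($s), "\n";
}
```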
