Re: aXentForum II XSS vuLLn
From: Steven M. Christey (coleymitre.org)
Date: Thu Jun 22 2006 - 00:45:09 CDT
The same executable (viewposts.cfm) and parameter (startrow) were
reported by r0t at 13:49 June 15, 2006, probably Finland time:
In fact, the Bugtraq post contains the following text, which is
exactly the same as r0t's blog entry as of June 21, including the lack
of spaces between the ":"
affected versions:aXentForum II and prior
aXentForum II contains a flaw that allows a remote Cross-Site
Scripting attacks.Input passed to the "startrow" parameter in
"viewposts.cfm" isn't properly sanitised before being returned to
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.
The Bugtraq reader is encouraged to search the vulnerability database
of his/her choice to determine which researcher is more likely to have
been the original source of this report.