|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[sec-adv] Thread-IT Message Board Cross-Site Scripting
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Thu Sep 25 2003 - 06:42:01 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Thread-IT Message Board Cross-Site Scripting
SECUNIA ADVISORY ID:
SA9844
VERIFY ADVISORY:
http://www.secunia.com/advisories/9844/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
SOFTWARE:
Thread-IT Message Board 1.x
DESCRIPTION:
A vulnerability has been reported in Thread-IT Message Board, which
can be exploited by malicious people to conduct Cross-Site Scripting
attacks.
The vulnerability is caused due to missing validation of input
supplied to the "Topic Title", "Name", and "Message" fields. This can
be exploited to insert arbitrary script code, which is executed in a
user's browser session when viewed.
The vulnerability has been reported in version 1.6. However, other
versions may also be affected.
SOLUTION:
Filter malicious characters in a HTTP proxy.
REPORTED BY / CREDITS:
Bahaa Naamneh
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]