[UNIX] XSS Vulnerabilities Found in XMB Forum

From: SecuriTeam (support_at_securiteam.com)
Date: 06/23/03

Next message: SecuriTeam: "[EXPL] Exploit Code Released for GNATS Multiple Buffer Overflow Vulnerabilities"

Previous message: SecuriTeam: "[UNIX] IMP Allows Arbitrary File Reading and Path Disclosure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: list@securiteam.com
Date: 23 Jun 2003 10:44:59 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

Beyond Security in Canada

Toronto-based Sunrays Technologies is now Beyond Security's representative in Canada.
We welcome ISPs, system integrators and IT systems resellers
to promote the most advanced vulnerability assessment solutions today.

- - - - - - - - -

XSS Vulnerabilities Found in XMB Forum
------------------------------------------------------------------------

SUMMARY

<http://www.xmbforum.com/> XMB Forum is "a free web-based bulletin board
system written in PHP with a MySQL backend". Multiple cross site scripting
vulnerabilities have been found in the XMB Forum, these vulnerabilities
would allow attackers to insert malicious HTML and JavaScript code into
existing web pages.

DETAILS

Vulnerable systems:
* XMB Forum version 1.8
* XMB Forum version 1.9

Examples:
http://pathto/XMBforum/member.php?action=viewpro&member=admin<
script>alert(document.cookie)</script>

http://pathto/XMBforum/buddy.php?action=<
script>alert(document.cookie)</script>&buddy=<script
>alert(document.cookie)</script>

Vendor status:
The vendor has been contacted. A fixed version is scheduled to be
released.

ADDITIONAL INFORMATION

The information has been provided by <mailto:knight4vn@yahoo.com> thanh
duong.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Next message: SecuriTeam: "[EXPL] Exploit Code Released for GNATS Multiple Buffer Overflow Vulnerabilities"

Previous message: SecuriTeam: "[UNIX] IMP Allows Arbitrary File Reading and Path Disclosure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[UNIX] Vulnerabilities in PGPMail.pl Lead to Remote Code Execution
... The following security advisory is sent to the securiteam mailing list, and can be found at
the SecuriTeam web site: http://www.securiteam.com ... Two vulnerabilities exist
that allow a remote attacker to execute ... The script passes user-supplied data directly
to a shell: ... > # Don't pass the recipient to the $mailprog on the command line. ...
(Securiteam)
[UNIX] ftls.org Guestbook Script Injection Vulnerabilities
... The following security advisory is sent to the securiteam mailing list, and can be found at
the SecuriTeam web site: http://www.securiteam.com ... found to contain multiple script
injection vulnerabilities (Cross site ... When filling in ones name use: ...
(Securiteam)