mailing list archives
BBcode XSS in CLANSPHERE
From: advisory () htbridge ch
Date: Tue, 16 Nov 2010 17:22:45 +0100 (CET)
Vulnerability ID: HTB22691
Vendor: csphere.eu ( http://www.csphere.eu/ )
Vulnerable Version: 2010.0 Final
Vendor Notification: 02 November 2010
Vulnerability Type: BBcode XSS
Status: Fixed by Vendor
Risk level: Medium
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
BBcode isn't properly sanitized. This can be used to post arbitrary script code.
Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based
authentication credentials, disclosure or modification of sensitive data.
An attacker can use browser to exploit this vulnerability.
Solution: Upgrade to the most recent version
- BBcode XSS in CLANSPHERE advisory (Nov 17)