ASP-DEV XM Forum RC3 - IMG Tag Script Injection
| EKU-ID: 30673 | CVE: CVE-2005-1008;OSVDB-15190 | OSVDB-ID: |
| Author: Zinho | Published: 2005-03-31 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 30673 | CVE: CVE-2005-1008;OSVDB-15190 | OSVDB-ID: |
| Author: Zinho | Published: 2005-03-31 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/12958/info XM Forum is reported prone to a script injection vulnerability. An attacker can supply arbitrary HTML and script code through the BBCode IMG tag to trigger this issue and execute arbitrary script code in a user's browser. XM Forum RC3 is reported vulnerable. It is possible that other versions are affected as well. [IMG]javasc+ript:alert(document.cookie)[/IMG]