vendor:
KaiBB
by:
High-Tech Bridge SA - Ethical Hacking & Penetration Testing
3.3
CVSS
LOW
BBcode XSS and Path Disclosure
79 and 200
CWE
Product Name: KaiBB
Affected Version From: 1.0.1
Affected Version To: 1.0.1
Patch Exists: NO
Related CWE: N/A
CPE: a:mi-dia:kaibb
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010
BBcode XSS and Path Disclosure in KaiBB
Two issues are reported in KaiBB 1.0.1. First, BBcode in user posts is not properly sanitized before it is translated to HTML, so a user can post BBcode that injects arbitrary script code; the script executes in the browser of anyone who views the post (stored cross-site scripting, CWE-79). Second, the "/index.php" script does not validate the user-supplied "f" parameter; malformed input triggers an error message that reveals the full filesystem path of the script (path disclosure, CWE-200).
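The two failure modes described above, as an added example that is not KaiBB's code and is not part of the original advisory. It is written in Python rather than PHP so it can be run stand-alone; the BBcode tag set, the `lookup_forum` handler, its `display_errors` flag and the sample posts are assumptions constructed for illustration, not KaiBB's actual implementation or parameters.

```python
"""Added illustration of the two bug classes in the advisory (not KaiBB code).

Part 1: a naive BBcode renderer that lets raw HTML and javascript: URLs
through, beside a hardened renderer that escapes first and allow-lists URL
schemes.  Part 2: a hypothetical request handler for an "f" parameter that
leaks its own file path when error display is left on.
"""
import html
import re
import traceback
from typing import Optional
from urllib.parse import urlparse

# Constructed sample posts (not taken from the advisory).
SAMPLE_POSTS = [
    "[b]hello[/b] <script>alert(1)</script>",
    "[url=javascript:alert(1)]click[/url]",
    '[url=http://example.com/"onmouseover="alert(1)]x[/url]',
    "[img]http://example.com/a.png[/img]",
]

_B = re.compile(r"\[b\](.*?)\[/b\]", re.S)
_URL = re.compile(r"\[url=(.*?)\](.*?)\[/url\]", re.S)
_IMG = re.compile(r"\[img\](.*?)\[/img\]", re.S)


def render_bbcode_unsafe(text: str) -> str:
    """Assumed shape of the vulnerable pattern: BBcode is translated to HTML
    by plain substitution and the rest of the post is emitted verbatim."""
    out = _B.sub(r"<b>\1</b>", text)
    out = _URL.sub(r'<a href="\1">\2</a>', out)
    return _IMG.sub(r'<img src="\1">', out)


ALLOWED_SCHEMES = {"http", "https"}


def _safe_url(raw: str) -> Optional[str]:
    """Return an attribute-safe URL, or None if the scheme is not allowed."""
    url = html.unescape(raw).strip()
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES or not parsed.netloc:
        return None
    return html.escape(url, quote=True)


def render_bbcode_safe(text: str) -> str:
    """Escape everything first, then translate an allow-list of tags.

    Because escaping happens before substitution, no user-supplied '<', '>'
    or '"' can reach the output unencoded; the only markup emitted is what
    the renderer itself writes."""
    out = html.escape(text, quote=True)
    out = _B.sub(r"<b>\1</b>", out)

    def url_repl(m):
        href = _safe_url(m.group(1))
        # Disallowed scheme: drop the link and keep only its (escaped) text.
        return m.group(2) if href is None else f'<a href="{href}">{m.group(2)}</a>'

    def img_repl(m):
        src = _safe_url(m.group(1))
        return "" if src is None else f'<img src="{src}">'

    out = _URL.sub(url_repl, out)
    return _IMG.sub(img_repl, out)


def lookup_forum(f: str, display_errors: bool) -> str:
    """Hypothetical handler for a forum-id parameter named "f".

    With display_errors=True (the equivalent of leaving PHP's display_errors
    on) the raw traceback, including this file's absolute path, is returned to
    the client: that is the path-disclosure failure mode."""
    try:
        forum_id = int(f)          # non-numeric input raises ValueError
        if forum_id <= 0:
            raise ValueError("forum id must be positive")
        return f"forum {forum_id}"
    except ValueError:
        if display_errors:
            return traceback.format_exc()   # contains: File "/abs/path/..."
        return "Bad request: invalid forum id"


if __name__ == "__main__":
    for post in SAMPLE_POSTS:
        print("unsafe:", render_bbcode_unsafe(post))
        print("safe:  ", render_bbcode_safe(post))
    print(lookup_forum("abc", display_errors=True))
    print(lookup_forum("abc", display_errors=False))
```

The order of operations in `render_bbcode_safe` is the whole point: escaping before substitution means the renderer is the only source of angle brackets and quotes in the output, and the URL allow-list closes the `javascript:` and attribute-breakout cases that escaping alone does not address. For the "f" parameter, the fix is twofold: reject anything that is not a positive integer with a generic error, and never return the raw error to the client.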
Mitigation:
Escape HTML metacharacters in post content before translating BBcode to HTML, and restrict BBcode URL attributes to an allow-list of schemes (http, https) so that neither raw markup nor javascript: links survive into the page. Validate that the "f" parameter of "/index.php" is a numeric forum identifier and reject anything else with a generic error message, and disable on-screen error display (display_errors) in production so that errors no longer reveal file paths.