header-logo
Suggest Exploit
vendor:
Snitz Forums 2000
by:
SecurityFocus
7.5
CVSS
HIGH
Script Injection
79
CWE
Product Name: Snitz Forums 2000
Affected Version From: Snitz Forums 2000
Affected Version To: Snitz Forums 2000
Patch Exists: YES
Related CWE: CVE-2002-1390
CPE: a:snitz_communications:snitz_forums_2000
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Snitz Forums 2000 Image Tag Script Injection Vulnerability

Snitz Forums 2000 is vulnerable to script injection via the image tag. An attacker can inject arbitrary script code into forum messages via these image tags. Script code will be executed in the browser of the user viewing the forum message, in the context of the website running the vulnerable software. This may allow an attacker to steal cookie-based authentication credentials.

Mitigation:

Upgrade to the latest version of Snitz Forums 2000.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4192/info

Snitz Forums 2000 is ASP-based web forum software. It runs on Microsoft Windows operating systems.

Snitz Forums 2000 allows users to include images in forum messages using image tags, with the following syntax:

[img]url of image[/img]

It is possible to inject arbitrary script code into forum messages via these image tags. Script code will be executed in the browser of the user viewing the forum message, in the context of the website running the vulnerable software. This may allow an attacker to steal cookie-based authentication credentials. 


[img]javasCript:alert('Hello world.')[/img]

Navigation

Suggest Exploit

Services By CQR