header-logo
Suggest Exploit
vendor:
XM Forum
by:
SecurityFocus
7.5
CVSS
HIGH
Script Injection
79
CWE
Product Name: XM Forum
Affected Version From: RC3
Affected Version To: RC3
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

XM Forum Script Injection Vulnerability

XM Forum is reported prone to a script injection vulnerability. An attacker can supply arbitrary HTML and script code through the BBCode IMG tag to trigger this issue and execute arbitrary script code in a user's browser.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12958/info

XM Forum is reported prone to a script injection vulnerability.

An attacker can supply arbitrary HTML and script code through the BBCode IMG tag to trigger this issue and execute arbitrary script code in a user's browser.

XM Forum RC3 is reported vulnerable. It is possible that other versions are affected as well. 

[IMG]javasc+ript:alert(document.cookie)[/IMG]

Navigation

Suggest Exploit

Services By CQR