header-logo
Suggest Exploit
vendor:
UseBB
by:
Not mentioned
5.5
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: UseBB
Affected Version From: UseBB 1.0.7
Affected Version To: Not mentioned
Patch Exists: YES
Related CWE: Not mentioned
CPE: Not mentioned
Metasploit:
Other Scripts:
Platforms Tested: Not mentioned
Not mentioned

Multiple Cross-Site Scripting Vulnerabilities in UseBB

The UseBB application fails to properly sanitize user-supplied input, leading to multiple cross-site scripting vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user, potentially allowing them to steal cookie-based authentication credentials and launch further attacks.

Mitigation:

It is recommended to update to a patched version of UseBB that properly sanitizes user-supplied input to prevent cross-site scripting vulnerabilities. Additionally, users should be cautious when clicking on unknown or suspicious links.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24990/info

UseBB is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

UseBB 1.0.7 is vulnerable to these issues. 

http://www.example.com/UseBB/install/upgrade-0-2-3.php/"><ScRiPt>alert(document.cookie);</ScRiPt>

Navigation

Suggest Exploit

Services By CQR