Vendor: BoardPower Forum
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 79 (Cross-Site Scripting)
Product Name: BoardPower Forum
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE-Unknown
CPE: a:boardpower_forum
Platforms Tested: Unknown

Cross-Site Scripting Vulnerability in BoardPower Forum

A remote attacker can create a malicious link to the vulnerable application that includes hostile HTML and script code. If the link is followed, the hostile code may be rendered in the web browser of the victim user, potentially allowing for theft of cookie-based authentication credentials or other attacks.

Mitigation:

Proper input sanitization and validation should be implemented to prevent cross-site scripting vulnerabilities.
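
An added example (not BoardPower's code and not part of the original advisory) of this mitigation applied to the `action` parameter of icq.cgi: the value is checked against an allowlist and HTML-encoded wherever it is echoed into the page. The Python handler functions, the allowlist values and the page markup are assumptions, since the advisory does not show the script's source.

```python
# Added illustration; function names, allowlist and markup are hypothetical.
import html
from urllib.parse import urlsplit, unquote_plus

# Hypothetical set of values the script would legitimately accept for `action`.
ALLOWED_ACTIONS = {"view", "send"}

# The request from the advisory, reused as sample input.
POC_URL = ("http://www.example.com/cgi-bin/boardpower/icq.cgi"
           "?action=<script>javascript:alert('hello');</script>")


def get_action(url):
    """Return the URL-decoded `action` parameter, or '' if it is absent."""
    for pair in urlsplit(url).query.split("&"):
        name, _, value = pair.partition("=")
        if name == "action":
            return unquote_plus(value)
    return ""


def render_vulnerable(url):
    """Echo the parameter into HTML unchanged: the behaviour the advisory describes."""
    return "<p>Unknown action: " + get_action(url) + "</p>"


def render_hardened(url):
    """Validate against the allowlist and HTML-encode anything echoed back."""
    action = get_action(url)
    encoded = html.escape(action, quote=True)  # encodes < > & " '
    if action in ALLOWED_ACTIONS:
        return "<p>Action: " + encoded + "</p>"
    # Rejected input is still encoded before it reaches the page.
    return "<p>Unknown action: " + encoded + "</p>"


if __name__ == "__main__":
    print(render_vulnerable(POC_URL))
    print(render_hardened(POC_URL))
```

Encoding at the point of output is what neutralizes the markup; the allowlist only narrows which values the script acts on.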

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10734/info

BoardPower Forum is reportedly affected by a cross-site scripting vulnerability in the icq.cgi script. This issue is due to a failure of the application to properly sanitize user-supplied URI input.

A remote attacker can exploit this issue by creating a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the web server and may allow for theft of cookie-based authentication credentials or other attacks. 

http://www.example.com/cgi-bin/boardpower/icq.cgi?action=<script>javascript:alert('hello');</script>