Vendor: YaBB Forum
By: Unknown
CVSS: 5.5 (MEDIUM)
CWE: 79, Cross-Site Scripting (XSS)
Product Name: YaBB Forum
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:yabb:yabb_forum
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Cross-Site Scripting Vulnerability in YaBB.pl Script

A remote attacker can create a malicious link containing arbitrary HTML and JavaScript code as URI parameters in the YaBB.pl script. When an unsuspecting user visits the link, the attacker's code will be executed in their browser in the context of the vulnerable website.

Mitigation:

Apply input validation and sanitization techniques to prevent the execution of arbitrary code. Update the YaBB.pl script to a patched version that addresses the vulnerability.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11215/info

A cross-site scripting vulnerability is reported in the YaBB forum 'YaBB.pl' script.

As a result, it is possible for a remote attacker to create a malicious link to the affected page of a site hosting the web forum. The malicious link may contain arbitrary HTML and JavaScript code in URI parameters. When this link is visited by an unsuspecting web user, the attacker-supplied code will be executed in their browser in the security context of the vulnerable website.

http://www.example.com/YaBB.pl?board=;action=imsend;to=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
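
The mitigation advice above, shown as an added Perl example that is not YaBB's code and not part of the original advisory: a hypothetical handler renders the `to` value from the sample link into a form field, first unencoded and then HTML-encoded at the point of output. The function names and the `<input>` markup are assumptions; the page does not show how YaBB.pl actually emits this parameter.

```perl
#!/usr/bin/perl
# Added example: hypothetical handler code, not taken from YaBB.
use strict;
use warnings;

my %ENTITY = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
              '"' => '&quot;', "'" => '&#39;');

# Output encoding: make a value inert in element content and quoted attributes.
sub escape_html {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/([&<>"'])/$ENTITY{$1}/g;
    return $text;
}

# Parse a query string whose pairs are separated by ';' (as in the sample
# link) or '&', percent-decoding names and values.
sub parse_query {
    my ($qs) = @_;
    my %param;
    for my $pair (split /[;&]/, $qs) {
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined $name && length $name;
        $value = '' unless defined $value;
        for ($name, $value) {
            tr/+/ /;
            s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
        }
        $param{$name} = $value;
    }
    return %param;
}

# Before (assumed markup): the request value is interpolated unchanged.
sub recipient_field_unsafe {
    my ($to) = @_;
    return qq{<input type="text" name="to" value="$to">};
}

# After: the same markup with the value encoded at the point of output.
sub recipient_field {
    my ($to) = @_;
    return '<input type="text" name="to" value="' . escape_html($to) . '">';
}

# Query string copied from the sample link on this page.
my %q = parse_query('board=;action=imsend;to=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E');
print "before: ", recipient_field_unsafe($q{to}), "\n";
print "after:  ", recipient_field($q{to}), "\n";
```

In the "after" line the quote and angle brackets arrive as `&quot;`, `&lt;` and `&gt;`, so the value stays inside the attribute instead of closing it and opening a `<script>` element.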