Vendor: IcrediBB
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 79 (Cross Site Scripting)
Product Name: IcrediBB
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unix, Linux, Microsoft Windows
2002

IcrediBB Cross Site Scripting Vulnerability

IcrediBB does not adequately filter script code from forum message form fields. This may enable an attacker to inject malicious script code into forum messages. An attacker who exploits this may be able to hijack web content or steal cookie-based authentication credentials.

Post a message with the following text in the subject or message body:

<script>alert('Cross Site Scripting possible');</script>

Mitigation:

Filter user input to prevent malicious script code from being injected into forum messages.
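
One way to apply this mitigation, shown as an added example that is not IcrediBB's code or part of the original advisory: encode the subject and message body for the HTML context when the post is rendered. The function names, the `$post` array and the surrounding markup are assumptions made for illustration.

```php
<?php
// Added example: hypothetical forum rendering code, not IcrediBB's source.

// Constructed sample post carrying the test string from the advisory
// in both fields the advisory names (subject and message body).
$post = [
    'subject' => "<script>alert('Cross Site Scripting possible');</script>",
    'body'    => "Hello\n<script>alert('Cross Site Scripting possible');</script>",
];

// Vulnerable pattern: form fields are written into the page unmodified,
// so the browser parses the <script> element as markup.
function render_post_unsafe(array $post): string
{
    return "<h2>{$post['subject']}</h2>\n<div class=\"msg\">{$post['body']}</div>\n";
}

// Hardened pattern: encode every user-supplied field at output time.
// ENT_QUOTES also encodes ' and ", so the helper stays safe if the value
// is later placed inside a quoted attribute. ENT_SUBSTITUTE replaces
// invalid UTF-8 sequences with U+FFFD rather than returning an empty string.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_post_safe(array $post): string
{
    // nl2br() runs after encoding, so the only live markup in the body
    // is the <br> tags it inserts for line breaks.
    return '<h2>' . h($post['subject']) . "</h2>\n"
         . '<div class="msg">' . nl2br(h($post['body'])) . "</div>\n";
}

$unsafe = render_post_unsafe($post);
$safe   = render_post_safe($post);

// Regression check: report whether a live <script> tag reaches the output.
var_dump(strpos($unsafe, '<script>') !== false);
var_dump(strpos($safe, '<script>') !== false);

echo $safe;
```

Encoding at output rather than stripping tags at input keeps the stored message intact and covers posts that were saved before the fix.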
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4548/info

IcrediBB is freely available web forum software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

IcrediBB does not adequately filter script code from forum message form fields. This may enable an attacker to inject malicious script code into forum messages.

An attacker who exploits this may be able to hijack web content or steal cookie-based authentication credentials. 

Post a message with the following text in the subject or message body:

<script>alert('Cross Site Scripting possible');</script>