Vendor: IdealBB
By: SecurityFocus
CVSS: 8.3 HIGH
HTML Injection
CWE: 79
Product Name: IdealBB
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
IdealBB HTML Injection Vulnerability
IdealBB is prone to an HTML injection vulnerability that allows remote attackers to inject malicious HTML and script code into board messages. The injected code may be rendered in the web browser of any user who views the malicious message. In the example code referenced in the description, clicking the injected content displays an alert box containing the user's cookie information.
Mitigation:
To mitigate this vulnerability, users should ensure that all input is properly sanitized and validated.