Multiple Cross-Site Scripting Vulnerabilities in Vikingboard

vendor:

Vikingboard

by:

Unknown

5.5

CVSS

MEDIUM

Cross-Site Scripting (XSS)

CWE

Product Name: Vikingboard

Affected Version From: 2000.1.2

Affected Version To: 2000.1.2

Patch Exists: NO

Related CWE: CVE-2007-5264

CPE: a:vikingboard_project:vikingboard:0.1.2

Metasploit:

Other Scripts:

Platforms Tested:

2007

Multiple Cross-Site Scripting Vulnerabilities in Vikingboard

Vikingboard is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.

Mitigation:

To mitigate these vulnerabilities, it is recommended to sanitize user-supplied data before using it in dynamic web content.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25056/info
  
Vikingboard is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
  
Exploiting this issue could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
  
Vikingboard 0.1.2 is vulnerable; other versions may also be affected. 

http://www.example.com/viking/post.php?mode=00&f=1[XSS-CODE]&poll=0

http://www.example.com/viking/post.php?mode=03&t=2"e=2[XSS-CODE]

http://www.example.com/viking/post.php?mode=03&t=2[XSS-CODE]"e=2

http://www.example.com/viking/post.php?mode=00&f=1&poll=0[XSS-CODE]

http://www.example.com/viking/post.php?mode=02&p=2[XSS-CODE]