header-logo
Suggest Exploit
vendor:
PostBoard
by:
SecurityFocus
4.3
CVSS
MEDIUM
Script Insertion
79
CWE
Product Name: PostBoard
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unix and Linux
2002

PostBoard IMG Tag Script Insertion Vulnerability

PostBoard is a freely available, open source message board module for the PostNuke content management system. It is designed for use on the Unix and Linux operating systems. PostBoard does not sanitize code submitted to site between IMG tags. Due to this, a malicious user may be able to submit a post to the site with script code between two IMG tags. The following code is proof of concept: [IMG]javascript:alert('give me cookies');[/IMG]

Mitigation:

Sanitize code submitted to site between IMG tags.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4559/info

PostBoard is a freely available, open source message board module for the PostNuke content management system. It is designed for use on the Unix and Linux operating systems.

PostBoard does not sanitize code submitted to site between IMG tags. Due to this, a malicious user may be able to submit a post to the site with script code between two IMG tags. 

The following code is proof of concept:

[IMG]javascript:alert('give me cookies');[/IMG]

Navigation

Suggest Exploit

Services By CQR