header-logo
Suggest Exploit
vendor:
PostBoard
by:
SecurityFocus
4.3
CVSS
MEDIUM
Input Validation
20
CWE
Product Name: PostBoard
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unix and Linux
2002

PostBoard Vulnerability

PostBoard does not adequately sanitize input by board users. Because of this, it is possible for users of the board to insert script code in message titles.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4561/info

PostBoard is a freely available, open source message board module for the PostNuke content management system. It is designed for use on the Unix and Linux operating systems.

PostBoard does not adequately sanitize input by board users. Because of this, it is possible for users of the board to insert script code in message titles.

The following code is proof of concept:

<script>alert('give me cookies');</script>

Navigation

Suggest Exploit

Services By CQR