header-logo
Suggest Exploit
vendor:
Splatt Forum
by:
SecurityFocus
7.5
CVSS
HIGH
Remote Script Execution
79
CWE
Product Name: Splatt Forum
Affected Version From: 4
Affected Version To: 4
Patch Exists: NO
Related CWE: N/A
CPE: splatt-forum
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Splatt Forum Remote Script Execution Vulnerability

Splatt Forum is a public message board plugin designed to be used with PHPNuke. It has been reported that Splatt Forum does not sufficiently filter user supplied URI parameters for the Splatt Forum 'Search' function. As a result of this deficiency, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user.

Mitigation:

Filter user supplied URI parameters for the Splatt Forum 'Search' function.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7483/info

Splatt Forum is a public message board plugin designed to be used with PHPNuke.

It has been reported that Splatt Forum does not sufficiently filter user supplied URI parameters for the Splatt Forum 'Search' function.

As a result of this deficiency, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user.

This vulnerability was reported to affect Splatt Forum version 4.0, it is not currently known if other versions are affected. 

Perform a search with the keywords:

<iframe src="http://www.example.com">

Navigation

Suggest Exploit

Services By CQR