header-logo
Suggest Exploit
vendor:
XMB
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-site Scripting (XSS)
79
CWE
Product Name: XMB
Affected Version From: 1.6 Magic Lantern pre-beta
Affected Version To: 1.6 Magic Lantern pre-beta
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

XMB 1.6 Magic Lantern Pre-Beta Vulnerability

XMB 1.6 Magic Lantern pre-beta version reportedly allows JavaScript and HTML to be entered in messages by entering script or HTML between [img] and [/img] tags in a forum message.

Mitigation:

Upgrade to the 1.6 Magic Lantern final beta version of XMB.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4167/info

The Extreme Message Board (XMB) 1.6 Magic Lantern pre-beta version reportedly allows JavaScript and HTML to be entered in messages. This can be achieved by entering script or HTML between [img] and [/img] tags in a forum message.

This has been fixed in the 1.6 Magic Lantern final beta version of XMB. 

[img]javasCript:alert('Hello world.')[/img]

Navigation

Suggest Exploit

Services By CQR