ID OSVDB:10722 Type osvdb Reporter Spiffomatic64() Modified 2004-10-13T07:27:55
Description
Vulnerability Description
FuseTalk contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate "img src=" variables upon submission to the filtering JavaScript. This could allow a malicious user to create a specially crafted URL that would execute arbitrary script code in another user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Solution Description
As of this entry's last modification (2004-10-13), there are no known upgrades, patches, or workarounds available to correct this issue.
Short Description
FuseTalk contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate "img src=" variables upon submission to the filtering JavaScript. This could allow a malicious user to create a specially crafted URL that would execute arbitrary script code in another user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
References:
Vendor URL: http://www.fusetalk.com/
Security Tracker: 1011664
Secunia Advisory ID: 12823
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0096.html
CVE-2004-1594
{"type": "osvdb", "published": "2004-10-13T07:27:55", "href": "https://vulners.com/osvdb/OSVDB:10722", "hashmap": [{"key": "affectedSoftware", "hash": "a2cca1ccd51a77cc83a558c4a021bfed"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "bf18fc34c83a8a5baef917171f915b91"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "ab3215f251414a6545dde11f34b02dd0"}, {"key": "href", "hash": "2fa24a6fee4caf0198b04dbabe252b73"}, {"key": "modified", "hash": "16e642ca8a61f573982d3997d314aa2b"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "16e642ca8a61f573982d3997d314aa2b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "e4ee6c0f7c2fc02d886be03c81b337de"}, {"key": "title", "hash": "e3d387aaebc1dce97a95617025ddc1eb"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/", "score": 4.3}, "viewCount": 0, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "Spiffomatic64()", "title": "FuseTalk img src Tag Script Insertion", "affectedSoftware": [{"operator": "eq", "version": "2", "name": "FuseTalk"}, {"operator": "eq", "version": "4", "name": "FuseTalk"}, {"operator": "eq", "version": "3", "name": "FuseTalk"}], "enchantments": {"score": {"value": 4.9, "vector": "NONE", "modified": "2017-04-28T13:20:06"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-1594"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231015479"]}, {"type": "nessus", "idList": ["FUSETALK_FORUM_XSS.NASL"]}], "modified": "2017-04-28T13:20:06"}, "vulnersScore": 4.9}, "references": [], "id": "OSVDB:10722", "hash": "768e2cebf113594d2989c4f8ad812a67d6424a8a47bfb2bea419fbc79762bcd1", "lastseen": "2017-04-28T13:20:06", "cvelist": ["CVE-2004-1594"], "modified": "2004-10-13T07:27:55", 
"description": "## Vulnerability Description\nFuseTalk contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate \"img src=\" variables upon submission to the filtering javascript. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nFuseTalk contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate \"img src=\" variables upon submission to the filtering javascript. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.fusetalk.com/\nSecurity Tracker: 1011664\n[Secunia Advisory ID:12823](https://secuniaresearch.flexerasoftware.com/advisories/12823/)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0096.html\n[CVE-2004-1594](https://vulners.com/cve/CVE-2004-1594)\n"}
{"cve": [{"lastseen": "2019-05-29T18:08:03", "bulletinFamily": "NVD", "description": "Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote attackers to execute arbitrary web script via an img src tag.", "modified": "2017-07-11T01:31:00", "id": "CVE-2004-1594", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1594", "published": "2004-10-13T04:00:00", "title": "CVE-2004-1594", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2019-11-01T02:40:11", "bulletinFamily": "scanner", "description": "The remote host is using FuseTalk, a web-based discussion forum.\n\nA vulnerability exists in the script ", "modified": "2019-11-02T00:00:00", "id": "FUSETALK_FORUM_XSS.NASL", "href": "https://www.tenable.com/plugins/nessus/15479", "published": "2004-10-17T00:00:00", "title": "FuseTalk Forum img src Tag XSS", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15479);\n script_version(\"1.23\");\n\n script_cve_id(\"CVE-2004-1594\");\n script_bugtraq_id(11407, 11393);\n \n script_name(english:\"FuseTalk Forum img src Tag XSS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is running a web application that is susceptible\nto cross-site scripting attacks.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is using FuseTalk, a web-based discussion forum.\n\nA vulnerability exists in the script 'tombstone.cfm' that could allow \nan attacker to execute arbitrary HTML and script code in the context \nof the user's browser.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2004/Oct/106\" );\n script_set_attribute(attribute:\"solution\", value:\n\"There is no known solution at this time.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:U/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/10/17\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/10/13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:19\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n script_summary(english:\"Checks XSS in FuseTalk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CGI abuses : XSS\");\n script_dependencie(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\n\nif(!get_port_state(port))exit(0);\n\nfunction check(loc)\n{\n local_var r, req;\n req = http_get(item:string(loc, \"/tombstone.cfm?ProfileID=<script>foo</script>\"), port:port);\n r = http_keepalive_send_recv(port:port, data:req, bodyonly:1);\n if( r == NULL )exit(0);\n if ( \"FuseTalk Inc.\" >< r && egrep(pattern:\"<script>foo</script>\", string:r) )\n {\n security_warning(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n }\n exit(0);\n}\n\nforeach dir (cgi_dirs())\n{\n check(loc:dir);\n}\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-11-26T15:24:25", "bulletinFamily": "scanner", "description": "The remote host is using FuseTalk, a web based discussion forum.\n\n A vulnerability 
exists in the script ", "modified": "2019-11-22T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231015479", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231015479", "title": "FuseTalk forum XSS", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Description: FuseTalk forum XSS\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n#\n# Copyright:\n# Copyright (C) 2004 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\n# Ref: <steven@lovebug.org>.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.15479\");\n script_version(\"2019-11-22T13:51:04+0000\");\n script_tag(name:\"last_modification\", value:\"2019-11-22 13:51:04 +0000 (Fri, 22 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_cve_id(\"CVE-2004-1594\");\n script_bugtraq_id(11407, 11393);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"FuseTalk forum XSS\");\n script_category(ACT_ATTACK);\n script_copyright(\"This script is Copyright (C) 2004 David Maciejak\");\n script_family(\"Web application abuses\");\n 
script_dependencies(\"find_service.nasl\", \"http_version.nasl\", \"cross_site_scripting.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the latest version of this software\");\n script_tag(name:\"summary\", value:\"The remote host is using FuseTalk, a web based discussion forum.\n\n A vulnerability exists in the script 'tombstone.cfm' which may allow\n an attacker to execute arbitrary HTML and script code in the context\n of the user's browser.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port( default:80 );\n\nhost = http_host_name( dont_add_port:TRUE );\nif( http_get_has_generic_xss( port:port, host:host ) ) exit( 0 );\n\nforeach dir( make_list_unique( \"/\", cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" ) dir = \"\";\n url = dir + \"/tombstone.cfm?ProfileID=<script>foo</script>\";\n\n if( http_vuln_check( port:port, url:url, pattern:\"<script>foo</script>\", extra_check:\"FuseTalk Inc.\", check_header:TRUE ) ) {\n report = report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}