XMB Forum buddy.php action Variable XSS

2003-06-22T22:53:36
ID OSVDB:23073
Type osvdb
Reporter Knight Commander(knight4vn@yahoo.com)
Modified 2003-06-22T22:53:36

Description

Vulnerability Description

XMB Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'action' variable upon submission to the 'buddy.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 1.8 Partagium Final SP1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

XMB Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'action' variable upon submission to the 'buddy.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/XMBforum/buddy.php?action=<script>alert('Vulnerable')</script>&buddy=<script>alert('Vulnerable')</script>

References:

Related OSVDB ID: 2191 Nessus Plugin ID:11527 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-06/0163.html ISS X-Force ID: 12396 Generic Informational URL: http://www.xmbforum.com/ CVE-2003-0483 Bugtraq ID: 8013