IdealBB Multiple Unspecified XSS

2006-05-07T04:32:36
ID OSVDB:25458
Type osvdb
Reporter CodeScan Labs (advisories@codescan.com)
Modified 2006-05-07T04:32:36

Description

Vulnerability Description

IdealBB contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate certain variables upon submission to certain scripts. No further information has been provided. This could allow a user to create a specially crafted URL that would execute arbitrary code in another user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.idealscience.com/
Secunia Advisory ID: 20035
Related OSVDB ID: 25457
Related OSVDB ID: 25455
Related OSVDB ID: 25456
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0203.html
ISS X-Force ID: 26355
CVE-2006-2321
Bugtraq ID: 17920