yMonda Thread-IT Message Board topictitle XSS

2003-09-25T07:09:51
ID OSVDB:2601
Type osvdb
Reporter OSVDB
Modified 2003-09-25T07:09:51

Description

Vulnerability Description

Thread-IT Message Board contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "Topic Title" variable upon submission. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
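The flaw class described above, as an added Python example; it is not Thread-IT code and not a vendor fix. It contrasts a title echoed as-is with a title that is validated on submission and HTML-encoded on output. The function names, the `/topic/` path and the length limit are assumptions made for illustration.

```python
import html
import unicodedata

MAX_TITLE_LEN = 120  # assumed limit; the advisory does not state one


class InvalidTitle(ValueError):
    """Raised when a submitted topic title fails validation."""


def validate_topic_title(raw: str) -> str:
    """Submission-time check: normalise first, then reject bad input."""
    # NFKC folds look-alikes such as fullwidth '<' (U+FF1C) to ASCII '<',
    # so the output encoder below sees the character it must escape.
    title = unicodedata.normalize("NFKC", raw).strip()
    if not title or len(title) > MAX_TITLE_LEN:
        raise InvalidTitle("title must be 1-%d characters" % MAX_TITLE_LEN)
    # Control and format characters have no place in a one-line title.
    if any(unicodedata.category(ch) in ("Cc", "Cf") for ch in title):
        raise InvalidTitle("title contains control characters")
    return title


def render_topic_link_unsafe(topic_id: int, title: str) -> str:
    """The flawed pattern: the stored title is written into the page as-is."""
    return '<a href="/topic/%d">%s</a>' % (int(topic_id), title)


def render_topic_link(topic_id: int, title: str) -> str:
    """Output-time encoding: the title is treated as text, never markup."""
    safe = html.escape(title, quote=True)  # encodes & < > " '
    return '<a href="/topic/%d" title="%s">%s</a>' % (int(topic_id), safe, safe)


def demo():
    """Run one constructed title through both renderers."""
    sample = "  <script>/* constructed sample */</script>  "
    title = validate_topic_title(sample)
    return render_topic_link_unsafe(7, title), render_topic_link(7, title)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Validation alone does not remove markup characters, since a title such as "Is 3 < 4?" is legitimate; the encoding step at output is what keeps the title inert in the page.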

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.ymonda.co.uk/ProductDetails.aspx?productID=411&selection=6
Secunia Advisory ID: 9844
Related OSVDB ID: 3367
Related OSVDB ID: 3368
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-09/0402.html
ISS X-Force ID: 13278
Bugtraq ID: 8692