Thread-ITSQL message XSS

2003-09-25T00:00:00
ID OSVDB:3366
Type osvdb
Reporter OSVDB
Modified 2003-09-25T00:00:00

Description

Vulnerability Description

Thread-IT Message Board contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the "Message" variable upon submission. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.


References:

Vendor URL: http://www.ymonda.co.uk/ProductDetails.aspx?productID=408&selection=6
Secunia Advisory ID: 9843
Related OSVDB ID: 2600
Related OSVDB ID: 3365
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2003-09/0414.html
ISS X-Force ID: 13279
Bugtraq ID: 8698