yMonda Comment Board name XSS

2003-09-25T00:00:00
ID OSVDB:3369
Type osvdb
Reporter OSVDB
Modified 2003-09-25T00:00:00

Description

Vulnerability Description

yMonda Comment Board contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "Name" variable upon submission. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.ymonda.co.uk/ProductDetails.aspx?productID=416&selection=6
Secunia Advisory ID: 9842
Related OSVDB ID: 2598
Related OSVDB ID: 3370
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2003-09/0408.html
ISS X-Force ID: 13277
Bugtraq ID: 8691