XMB editprofile.php user XSS

2004-02-24T06:05:37
ID OSVDB:4044
Type osvdb
Reporter Janek Vind "waraxe"(come2waraxe@yahoo.com)
Modified 2004-02-24T06:05:37

Description

Vulnerability Description

Extreme Messageboard aka XMB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "user" variable upon submission to the editprofile.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 1.8 SP3 or 1.9 Nexus BETA or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Extreme Messageboard aka XMB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "user" variable upon submission to the editprofile.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[host]/xmb18sp2/editprofile.php?user=x"><%73cript>alert(document.cookie);</%73cript>

References:

Vendor URL: http://www.xmbforum.com Vendor URL: http://www.aventure-media.co.uk Secunia Advisory ID:10963 Related OSVDB ID: 4045 Related OSVDB ID: 4043 Related OSVDB ID: 4047 Related OSVDB ID: 4048 Related OSVDB ID: 4046 Related OSVDB ID: 4049 Related OSVDB ID: 4041 Related OSVDB ID: 4042 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-02/0595.html Keyword: cross site scripting,XSS,XMB,XMB Group,XMB Forum,Extreme Messageboard,Aventure Media ISS X-Force ID: 15292 CVE-2004-0322 Bugtraq ID: 9726