EV0032.txt

`New eVuln Advisory:  
Bit 5 Blog JavaScript Insertion Vulnerability  
http://evuln.com/vulns/32/summary/bt/  
  
--------------------Summary----------------  
  
Software: Bit 5 Blog  
Sowtware's Web Site: http://bit5blog.sourceforge.net/  
Versions: 8.01  
Critical Level: Harmless  
Type: Cross-Site Scripting  
Class: Remote  
Status: Unpatched  
Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
eVuln ID: EV0032  
  
-----------------Description---------------  
Arbitrary script code insertion is possible in BBcode.  
  
Vulnerable Script: addcomment.php  
Variable: $comment  
  
Tag <a> isn't properly sanitized. This can be used to post arbitrary script code.  
  
--------------Exploit----------------------  
Example:  
  
<a href=javascript:alert(123)>clickme</a>  
  
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit-----------------------  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
`