EUVD-2006-1894

Malware in sbrugna...

Cross site scripting

Cross-site scripting XSS vulnerability in RevoBoard 1.8, as derived from PunBB, allows remote attackers to inject arbitrary web script or HTML via a substitution cipher of the email tag, which is transformed when the application's e-mail address obfuscator reverses the transformation. NOTE: it is...

CVE-2006-1894

Cross-site scripting XSS vulnerability in RevoBoard 1.8, as derived from PunBB, allows remote attackers to inject arbitrary web script or HTML via a substitution cipher of the email tag, which is transformed when the application's e-mail address obfuscator reverses the transformation. NOTE: it is...

CVE-2006-1894

CVE-2006-1894 affects RevoBoard 1.8 (derived from PunBB). The vulnerability is a cross-site scripting (XSS) flaw in the email address obfuscator: a substitution cipher used for the email tag can be reversed to reveal injected script/HTML, enabling remote code execution in the user’s browser. Affe...

CVE-2006-1894

Cross-site scripting XSS vulnerability in RevoBoard 1.8, as derived from PunBB, allows remote attackers to inject arbitrary web script or HTML via a substitution cipher of the email tag, which is transformed when the application's e-mail address obfuscator reverses the transformation. NOTE: it is...

RevoBoard [email] tag XSS

Revoboard php is based on an earlier version of PunBB. I know for sure that this affects v1.8. The email tag parser obsfucates emails to stop harvesters. To execute code, do this: php $code = ''" onMouseover="javascript:alert/xss/"'; for$a=0;$astrlen$code;$a++ $c = ordsubstr$code,$a,1; $c +=...