[eVuln] M. Blom HTML::BBCode perl module XSS Vulnerabilities

2006-02-16T00:00:00
ID SECURITYVULNS:DOC:11456
Type securityvulns
Reporter Securityvulns
Modified 2006-02-16T00:00:00

Description

New eVuln Advisory: M. Blom HTML::BBCode perl module XSS Vulnerabilities http://evuln.com/vulns/80/summary.html

--------------------Summary---------------- eVuln ID: EV0080 Software: M. Blom HTML::BBCode Sowtware's Web Site: http://menno.b10m.net/perl/ Versions: 1.04 1.03 and earlier Critical Level: Moderate Type: Cross-Site Scripting Class: Remote Status: Patched Exploit: Available Solution: Available Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description--------------- Arbitrary script code insertion is possible in BBcode [url] and [img] tags.

All scripts which use HTML::BBCode module are threatened.

--------------Exploit---------------------- Available at: http://evuln.com/vulns/80/exploit.html

--------------Solution--------------------- Problem fixed in 1.05 version.

http://menno.b10m.net/perl/dists/HTML-BBCode-1.05.tar.gz

--------------Credit----------------------- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Regards, Aliaksandr Hartsuyeu http://evuln.com