Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:7561
HistoryJan 13, 2005 - 12:00 a.m.

Security Advisory: BiTBOARD xss

2005-01-1300:00:00
vulners.com
154
JSON

Advisory Information

Advisory name : BiTBOARD XSS
Discovered by : drhankey / it-security23.net
Vendor Name : the bitshifters sdc
Vendor Homepage : http://www.bitshifters.net
Software : Bitboard
Vulnerability Type : Cross-Site-Scripting
Vulnerable Versions : 2.5 and prior
Platforms : OS Independent, PHP

What is Bitshifters Bitboard?

Woltlab Burning Board Lite is a free message board using plain text files as database.

Vulnerability Description:

Ii's possible to inject javascript by abusing some kind of bbcode used in the posting system.

Proof of Concept:

[img]path/to/some/image' onMouseover='alert("hehehe… insecure");[/img]

JSON