{"href": "https://www.seebug.org/vuldb/ssvid-77084", "status": "cve,poc", "history": [], "bulletinFamily": "exploit", "modified": "2014-07-01T00:00:00", "title": "Ledscripts LedForums Multiple Fileds HTML Injection Vulnerability", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-77084", "cvelist": [], "description": "No description provided by source.", "viewCount": 0, "published": "2014-07-01T00:00:00", "sourceData": "\n source: http://www.securityfocus.com/bid/8934/info\r\n\r\nIt has been reported that LedForums is prone to a HTML injection vulnerability that may allow an attacker to execute HTML code in a user's browser. The issue is reported to be present in the 'top_message' and 'topic' fields. This problem is due to insufficient sanitization of user-supplied input.\r\n\r\nSuccessful exploitation of this vulnerability may allow an attacker to steal cookie-based authentication credentials. Other attacks are also possible.\r\n\r\nLedForums Beta 1 has been reported to be vulnerable to this issue.\r\n\r\nhttp://www.example.com/~path/index.php?top_message=<script>alert(document.cookie)</script>\r\nhttp://www.example.com/~path/index.php?top_message=<h1>OWNED?%20*g*</h1>\r\n\r\n<script>window.location='http://www.example.org'</script>\n ", "id": "SSV:77084", "enchantments_done": [], "_object_type": "robots.models.seebug.SeebugBulletin", "type": "seebug", "lastseen": "2017-11-19T13:44:40", "reporter": "Root", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2017-11-19T13:44:40"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "references": []}

{}