ASP-DEV XM Forum RC3 IMG Tag Script Injection Vulnerability

ID SSV:78987
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


XM Forum is reported prone to a script injection vulnerability.

An attacker can supply arbitrary HTML and script code through the BBCode IMG tag to trigger this issue and execute arbitrary script code in a user's browser.

XM Forum RC3 is reported vulnerable. It is possible that other versions are affected as well.