Woltlab Burning Board <= 2.3.1 Pl2

Full Version: Woltlab Burning Board <= 2.3.1 Pl2 - Xss

GovernmentSecurity.org > General GSO > Exploit & Vulnerability Mailing List Archives

qcred11

Apr 25 2005, 04:57 PM

QUOTE

Vendor: WoltLab
URL: http://www.woltlab.de/
Version: <= 2.3.1 PL 2
Type: XSS
Discovered by [R] and deluxe89

Description:
--------------------------------
The WoltLab Burning Board is a high customisable forum software for every kind of use.

See [1] for a detailed description.

Cross Site Scripting:
--------------------------------
It's possible to inject malicious code in the "folderid"-variable in pms.php.

/pms.php?folderid=[XSS]

Patch:
--------------------------------
There isn't a patch from the vendor, but you can use htmlspecialchars() to fix it.

Source: http://seclists.org/lists/bugtraq/2005/Apr/0414.html

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.