Family: CGI abuses : XSS --> Category: infos
YaBB Shadow BBCode Tag JavaScript Injection Issue Vulnerability Scan
Vulnerability Scan Summary: Ascertains the version of YaBB
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a CGI application that is prone to
cross-site scripting attacks.
Description :
The remote host is using the YaBB web forum software.
According to its version number, the remote version of this software
is vulnerable to JavaScript injection issues using shadow or glow
tags. This may allow an attacker to inject hostile JavaScript into
the forum system, to steal cookie credentials or misrepresent site
content. When the form is submitted, the malicious JavaScript will be
incorporated into dynamically generated content.
See also :
http://www.yabbforum.com/community/YaBB.pl?board=general
action=display
num=1101400965
Solution:
Upgrade to YaBB 1 Gold SP 1.4 or later.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)