Sporum Forum Multiple Remote Cross Site Scripting Vulnerabilities
TITLE: Sporum Forum Multiple Remote Cross Site Scripting Vulnerabilities
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 12 2007 12:00AM
UPDATE: Jun 13 2007 04:59AM
CREDIT: r0t is credited with the discovery of these vulnerabilities.
VULNERABLE:
Sporum Forum 3.0.9
NOT VULNERABLE:
Go to the original page on Security Focus
Discussion
Sporum Forum is prone to multiple cross-site scripting vulnerabilities.
An attacker may leverage any of these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Sporum Forum 3.0.9 is vulnerable to these issues; other versions may be affected as well.
Exploit
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
Solution
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
References
- Sporum Forum XSS vuln. (r0t)
- Vendor Homepage (Sporum)