[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
BBcode XSS in CLANSPHERE
Vulnerability ID: HTB22691
Vendor: csphere.eu ( http://www.csphere.eu/ )
Vulnerable Version: 2010.0 Final
Vendor Notification: 02 November 2010
Vulnerability Type: BBcode XSS
Status: Fixed by Vendor
Risk level: Medium
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
BBcode isn't properly sanitized. This can be used to post arbitrary script code.
Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.
An attacker can use browser to exploit this vulnerability.
Solution: Upgrade to the most recent version