[转载]WoltLab Burning Board 2.3.1及以下版本跨站脚本漏洞
文章作者:deluxe[@]security-project.orgVendor: WoltLab
URL: [url]http://www.woltlab.de/[/url]
Version: <= 2.3.1
Type: XSS
Discovered by deluxe89
Contact: deluxe[@]security-project.org
Description:
--------------------------------
The WoltLab Burning Board is a high customisable forum software for every kind of use.
See [1] for a detailed description.
Cross Site Scripting:
--------------------------------
It's possible to inject HTML or JavaScript code into the variable "hilight" of thread.php.
[url]http://www.it-security23.net/thread.php?threadid=1683&hilight=[/url][XSS]
Solution:
--------------------------------
There isn't a solution yet.
Security-Project
--------------------------------
[url]http://www.security-project.org[/url]
Vendor contacted.
Greetz to Astovidatu, DooMRunneR, Wacholdernutte and Doc
[1] [url]http://www.woltlab.de/products/burning_board/index_en.php[/url]
页:
[1]