Re: aXentForum II XSS vuLLn
Jun 22 2006 05:45AM
Steven M. Christey (coley mitre org)
The same executable (viewposts.cfm) and parameter (startrow) was
reported by r0t at 13:49 June 15, 2006, probably Finland time:

In fact, the Bugtraq post contains the following text, which is
exactly the same as r0t's blog entry as of June 21, including the lack
of spaces between the ":"

affected versions:aXentForum II and prior
aXentForum II contains a flaw that allows a remote Cross-Site
Scripting attacks.Input passed to the "startrow" parameter in
"viewposts.cfm" isn't properly sanitised before being returned to
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.

The Bugtraq reader is encouraged to search the vulnerability database
of his/her choice to determine which researcher is more likely to have
been the original source of this report.
Copyright 2010, SecurityFocus