YaBB Shadow BBCode Tag JavaScript Injection Vulnerability

info
discussion
exploit
solution
references

YaBB Shadow BBCode Tag JavaScript Injection Vulnerability

YaBB is reported prone to a JavaScript injection vulnerability. It is reported that the BBCode 'shadow' tag is not sufficiently sanitized of malicious script content.

An attacker that has an account on the affected bulletin board may exploit this vulnerability to inject arbitrary JavaScript code into forum posts through the 'shadow' tag.