• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

CafeLog b2 WebLog Tool Cross Site Scripting Vulnerability

CafeLog b2 WebLog Tool allows users to generate news pages and weblogs dynamically. It uses PHP and a MySQL database to generate dynamic pages.

The b2 WebLog Tool will echo data back to the browser. Some variables are assumed by the scripts to have been set by internal data, when they can be set by remote users. Since these variables are not sufficiently sanitized of HTML tags, this makes b2 WebLog Tool prone to cross-site scripting attacks.