Back to list
Multiple Vulnerabilities in Led-Forums
Oct 30 2003 04:04PM
ProXy - (proxy excluded org)
Versions: Beta 1
Vulnerability: XSS- and redirection-Bug
Date: October 30, 2003
Discovered by: ProXy <proxy (at) excluded (dot) org [email concealed]>
1. - XSS-Bug
The Welcome-Message of the Led-Forums software could be changed by everybody.
2. - Redirection-Bug
So if anybody insert the following JS-code in the topic-field of a new thread
the complete forum-category would be redirected to the adress the attacker indicates.
[ reply ]
Copyright 2010, SecurityFocus