YaBB 1 Gold Multiple Input Validation Vulnerabilities

YaBB 1 Gold is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input.

An attacker may leverage a cross-site scripting issue to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the vulnerable site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

An attacker may exploit a HTTP response splitting issue to manipulate or misrepresent pages in the context of the vulnerable site, potentially facilitating phishing attacks.


 

Privacy Statement
Copyright 2010, SecurityFocus