Leszek Krupinski L-Forum Message Header Script Injection Vulnerability

A script injection vulnerability has been reported in L-Forum 2.4.0. Messages posted to the forum may include arbitrary HTML content, including JavaScript code. When another user of the system views such a message, the supplied script code executes within the context of the vulnerable site.

This flaw is due to insufficient filtering of the 'From', 'E-mail' and 'Subject' fields of a message post.
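
The pattern behind this class of flaw, next to an output-encoding fix, as an added example that is not L-Forum's code and not part of the original advisory. It is written in PHP on the assumption that this matches the forum's language; the function names, array keys and sample post are hypothetical.

```php
<?php
// Added illustration only; not taken from L-Forum. All names are hypothetical.

// Vulnerable pattern: header fields are concatenated into HTML as submitted.
function render_header_unsafe(array $msg): string
{
    return '<div class="hdr"><a href="mailto:' . $msg['email'] . '">'
         . $msg['from'] . '</a>: ' . $msg['subject'] . '</div>';
}

// Encode for the HTML context. ENT_QUOTES covers both quote styles, so a
// value cannot break out of a quoted attribute either.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: validate the e-mail, encode every field on output.
function render_header_safe(array $msg): string
{
    $from    = h($msg['from']);
    $subject = h($msg['subject']);

    // Only emit a mailto: link when the address is syntactically valid.
    $email = filter_var($msg['email'], FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return '<div class="hdr">' . $from . ': ' . $subject . '</div>';
    }
    return '<div class="hdr"><a href="mailto:' . h($email) . '">'
         . $from . '</a>: ' . $subject . '</div>';
}

// Constructed sample post carrying markup in all three header fields.
$post = [
    'from'    => '<script>alert(1)</script>',
    'email'   => '"><script>alert(1)</script>',
    'subject' => '<script>alert(1)</script>',
];

echo render_header_unsafe($post), "\n"; // markup reaches the browser intact
echo render_header_safe($post), "\n";   // markup is rendered as inert text
```

Encoding at output time protects every page that displays the stored fields, including messages that were posted before the fix was deployed.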


 

Copyright 2010, SecurityFocus