exploit-db-mirror/platforms/php/webapps/21514.txt
Offensive Security fffbf04102 Updated
2013-12-03 19:44:07 +00:00

7 lines
No EOL
554 B
Text
Executable file

source: http://www.securityfocus.com/bid/4953/info
Splatt Forum does not filter HTML from image tags. This may allow an attacker to inject arbitrary script code in forum messages. Injected script code will be executed in the browser of an arbitrary web user who views the malicious forum message, in the context of the website running Splatt Forum.
This may potentially be exploited to hijack web content or steal cookie-based authentication credentials from legitimate users.
[img]http://a.a/a"onerror="javascript:alert(document.cookie)[/img]