9 lines
No EOL
505 B
Text
Executable file
9 lines
No EOL
505 B
Text
Executable file
source: http://www.securityfocus.com/bid/4559/info
|
|
|
|
PostBoard is a freely available, open source message board module for the PostNuke content management system. It is designed for use on the Unix and Linux operating systems.
|
|
|
|
PostBoard does not sanitize code submitted to site between IMG tags. Due to this, a malicious user may be able to submit a post to the site with script code between two IMG tags.
|
|
|
|
The following code is proof of concept:
|
|
|
|
[IMG]javascript:alert('give me cookies');[/IMG] |