source: https://www.securityfocus.com/bid/4548/info
IcrediBB is freely available web forum software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.
IcrediBB does not adequately filter script code from forum message form fields. This may enable an attacker to inject malicious script code into forum messages.
An attacker who exploits this may be able to hijack web content or steal cookie-based authentication credentials.
Post a message with the following text in the subject or message body:
<script>alert('Cross Site Scripting possible');</script>
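
The unfiltered rendering described above, beside an output-encoded version, as an added PHP example. It is not IcrediBB's own code: the function names (h, render_post_unsafe, render_post_safe) and the post array layout are assumptions, and the sample post is constructed from the advisory's test string.

```php
<?php
// Added example: not IcrediBB source. Function and field names are hypothetical.

// Defense in depth against the cookie theft the advisory mentions:
// an HttpOnly session cookie is not readable from injected script.
// Must run before session_start() and before any output (PHP 7.3+ array form).
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);

// Encode untrusted text for an HTML element or quoted-attribute context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: stored form fields are written into the page verbatim.
function render_post_unsafe(array $post): string
{
    return "<h2>{$post['subject']}</h2>\n"
         . "<div class=\"body\">{$post['body']}</div>\n";
}

// Hardened pattern: encode at output time. nl2br() runs after encoding, so
// the only markup in the result is the line-break tags it inserts.
function render_post_safe(array $post): string
{
    return '<h2>' . h($post['subject']) . "</h2>\n"
         . '<div class="body">' . nl2br(h($post['body'])) . "</div>\n";
}

// Constructed sample post: the advisory's test string in both fields.
$payload = "<script>alert('Cross Site Scripting possible');</script>";
$post = [
    'subject' => $payload,
    'body'    => "First line of the message\n" . $payload,
];

// The script element survives intact in the unsafe rendering.
echo render_post_unsafe($post);

// The same input is emitted as inert, entity-encoded text.
echo render_post_safe($post);
```

Encoding is applied when the post is rendered, not when it is stored, so every page that displays the subject or body has to go through the same helper.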