13 lines
No EOL
857 B
Text
13 lines
No EOL
857 B
Text
source: http://www.securityfocus.com/bid/2814/info
|
|
|
|
O'Reilly WebBoard is a conferencing utility, forum, threaded discussion and real-time chat server.
|
|
|
|
Versions of WebBoard are vulnerable to a JavaScript code execution bug which may allow a remote denial of service against a target WebBoard user's system.
|
|
|
|
An attacker can compose a message in WebBoard's interactive messaging (paging) function, containing certain escape characters and JavaScript commands, and send the page to a target user. Upon receiving the message, the target client will improperly execute the JavaScript embedded in the page, which could result in the appearance of multiple message windows.
|
|
|
|
WebBoard is no longer supported by O'Reilly, it is currently maintained by ChatSpace, Inc.
|
|
|
|
An example of malicious javascript:
|
|
|
|
\');for(i=0;i<100000;i++) alert("not nice"); / |