Advertisement






Scriptme products BBCode 'url' XSS Vulnerability

CVE Category Price Severity
CVE-2006-0661 CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2006-02-24
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006020053

Below is a copy:

New eVuln Advisory:
Scriptme products BBCode 'url' XSS Vulnerability
http://evuln.com/vulns/65/summary.html

--------------------Summary----------------
eVuln ID: EV0065
CVE: CVE-2006-0661
Vendor: Scriptme
Vendor's Web Site: http://www.scriptme.com/
Software: "SmE GB Host" "SmE Blog Host"
Versions:
Critical Level: Harmless
Type: Cross-Site Scripting
Class: Remote
Status: Unpatched. No reply from developer(s)
Exploit: Not Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
Arbitrary script code insertion is possible in BBcode [url] tag.

"SmE GB Host" 1.21 - vulnerable
"SmE Blog Host" - vulnerable

--------------Exploit----------------------
Waiting for developer(s) reply.
If there is no reply exploitation code will be published in 10 days
http://evuln.com/vulns/65/exploit.html

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum