[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

aXentForum II XSS vuLLn

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: aXentForum II XSS vuLLn
From: SnoBmsn@xxxxxxxxxx
Date: 16 Jun 2006 14:15:41 -0000

vendor:http://www.axent.us/axentforum.cfm
affected versions:aXentForum II and prior

aXentForum II contains a flaw that allows a remote Cross-Site Scripting 
attacks.Input passed to the "startrow" parameter in "viewposts.cfm" isn't 
properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's 
browser session in context of an affected site.

Turkish hacker

Prev by Date: Re: [FSA016] ISPConfig 2.2.3, File inclusion vulnerability
Next by Date: Chatizens.com - XSS with cookie disclosure
Previous by thread: Re: file include exploits in nucleus 3.23
Next by thread: Re: aXentForum II XSS vuLLn
Index(es):
- Date
- Thread