Yet Another Forum.net is susceptible to cross site scripting flaws. Version 0.9.9 is vulnerable to this issue.
b5b13555b62502b99eb9e8fa7ac7de98240aeeb82753716c407c931c18f5d194
OVERVIEW
=========
"Yet Another Forum.net (http://www.yetanotherforum.net/)
is a opensource discussion forum or bulletin board system
for web sites running ASP.NET. It is ASP.NET based with a
MS SQL backend database.
The full C# source code is available licensed as GPL. "
Several Cross Site Scripting (XSS) vulnerabilities were found.
DETAILS
=======
Due to insufficient input filtering, any user can
insert malicious script code into "name" and "location" fields
and into the "Subject" field of PM.
The scripts may (for example) steal authentication cookies of users
reading messages written by the malicious user.
VULNERABLE VERSIONS
===================
Yet Another Forum.net Version 0.9.9 is vulnerable to this issue.
Prior version were not tested
SOLUTION
========
Yet Another Forum.net's administrator was informed on March 17, 2005.
CREDITS
=======
The vulnerability was researched by Maty Siman (maty@checkmarx.com)
--
Maty Siman, CISSP
Web: http://www.checkmarx.com/
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed