YaBB XSS And Administrator Command Execution Network Vulnerability

Summary

The remote web server contains a CGI application that suffers from multiple vulnerabilities. Description : The 'YaBB.pl' CGI is installed. This version is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. Another flaw in YaBB may allow an attacker to execute malicious administrative commands on the remote host by sending malformed IMG tags in posts to the remote YaBB forum and waiting for the forum administrator to view one of the posts.

Solution

Unknown at this time.

References

http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2004-2402, CVE-2004-2403
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ActivePerl perlIS.dll Buffer Overflow
Apache Tomcat AJP Protocol Security Bypass Vulnerability
Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
Admin Bot 'news.php' SQL Injection Vulnerability
Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability

YaBB XSS and Administrator Command Execution

Take action and discover your vulnerabilities