Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:10949
HistoryJan 10, 2006 - 12:00 a.m.

Html_Injection in vBulletin 3.5.2

2006-01-1000:00:00
vulners.com
13
JSON

Vulnerable Version: 3.5.2 (prior versions also may be affected) Bug: Html_Injection (Second order Cross_Site_Scripting) Exploitation: Remote with browser

Html_Injection : The software does not properly filter HTML tags in the title of events before being passed to user in 'calendar.php'&'reminder.php AS include'. that may allow a remote user to inject HTML/javascript codes to events of calendar. The hostile code may be rendered in the web browser of the victim user who will Request Reminder for those Events (persistent). For example an attacker creates new event (Single-All Day Event , Ranged Event OR Recurring Event)with this content:

TITLE:--------->Test<script>alert(document.cookie)</script> BODY:---------->No matter OTHER OPTIONS:->No matter

Demonstration XSS URL: -------------------- http://example.com/vbulletin/calendar.php?do=addreminder&amp;e=[eventid]

Credit

Savsak.com [Ejder And The_BeKiR And Liz0Zim And CyberLord]

JSON