Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23468
HistoryMar 25, 2010 - 12:00 a.m.

There is a Permanent-type Cross-Site Vulnerability in “Personal Signature” in all version of Discuz!. It can be written by the worm!

2010-03-2500:00:00
vulners.com
17
JSON

There is a Permanent-type Cross-Site Vulnerability in “Personal Signature” in all version of Discuz!. It
can be written by the worm!

Discuz! do not filter the Malicious code when user enter their personal signature, attacker can enter the
xss code, Discuz! will save and run it! It maybe lead the propagation of worm!

For example:

we can register an user, and enter the xss code to our personal signature!

like:
</textarea><script>alert(/Liscker/);</script><textarea>

Vulnerable: Discuz! <=7.2 all version!

Liscker
2010.03.24

JSON