NI3
12-23-2003, 03:42 PM
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
SOFTWARE:
BoastMachine (bMachine) 2.x
DESCRIPTION:
David Sopas Ferreira has reported a vulnerability in BoastMachine
(bMachine), which can be exploited by malicious users to conduct
Cross-Site Scripting attacks.
User input supplied in the comment form is reportedly not filtered.
This can be exploited by supplying arbitrary HTML or script code,
which will be executed in a user's browser session when the comment
is viewed.
The vulnerability has been reported in version 2.6. Other versions
may also be affected.
SOLUTION:
Filter malicious characters and character sequences.
PROVIDED AND/OR DISCOVERED BY:
David Sopas Ferreira
----------------------------------------------------------------------
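Added example, not part of the advisory and not BoastMachine's own code: a minimal comment renderer showing the unfiltered output the advisory describes next to a version that encodes each field at render time. The field names (`author`, `url`, `body`), the function names and the sample comment are assumptions constructed for illustration.

```python
import html
from urllib.parse import urlsplit

# Constructed sample comment; field names are assumptions, not bMachine's schema.
SAMPLE = {
    "author": "Eve <b>admin</b>",
    "url": "javascript:alert(1)",
    "body": "Nice post <script>alert(1)</script>\nsecond line",
}


def render_unsafe(c):
    """The flaw described above: stored input is echoed into the page as-is."""
    return '<div class="comment"><b>%s</b><p>%s</p></div>' % (c["author"], c["body"])


def safe_href(url):
    """Allow only absolute http(s) links; anything else becomes '#'."""
    url = url.strip()
    try:
        parts = urlsplit(url)
    except ValueError:
        return "#"
    if parts.scheme.lower() in ("http", "https") and parts.netloc:
        return url
    return "#"


def render_safe(c):
    """Encode every field for its output context when the comment is rendered."""
    author = html.escape(c["author"], quote=True)        # element content
    href = html.escape(safe_href(c["url"]), quote=True)  # attribute value
    # Escape first, then add the only markup we generate ourselves.
    body = html.escape(c["body"], quote=True).replace("\n", "<br>")
    return ('<div class="comment"><a href="%s" rel="nofollow">%s</a>'
            '<p>%s</p></div>' % (href, author, body))


if __name__ == "__main__":
    print(render_unsafe(SAMPLE))
    print(render_safe(SAMPLE))
```

Encoding at output rather than stripping at input keeps the stored comment intact and covers comments that were saved before the fix.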
