CVE-2009-1408 Information
Description
Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags as demonstrated using (1) email (2) img and (3) url tags.
Reference
http://osvdb.org/53782 http://secunia.com/advisories/34764 http://www.securityfocus.com/archive/1/502732/100/0/threaded http://www.securityfocus.com/bid/34595 http://www.webspell.org/index.php?site=files&file=25 http://www.webspell.org/index.php?site=news_comments&newsID=126&lang=uk https://exchange.xforce.ibmcloud.com/vulnerabilities/49937 https://www.exploit-db.com/exploits/8453 Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags as demonstrated using (1) email (2) img and (3) url tags.
Share on: