PT-2006-1235 · Foxrum · Foxrum

Aliaksandr Hartsuyeu

Published

2006-01-10

Updated

2018-10-19

CVE-2006-0156

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Foxrum version 4.0.4f

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary Javascript code via the javascript URI in bbcode url tags. The affected files are addpost1.php and addtopic1.php.

Recommendations For Foxrum version 4.0.4f, consider disabling the use of javascript URI in bbcode url tags in addpost1.php and addtopic1.php until a patch is available. Restrict access to these files to minimize the risk of exploitation. Avoid using the javascript URI scheme in bbcode url tags in the affected API endpoints until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0156

Affected Products

Foxrum

PT-2006-1235 · Foxrum · Foxrum

CVE-2006-0156

Related Identifiers

Affected Products

References · 8