PT-2009-3914 · Webspell · Webspell
Yenh4Cker
·
Published
2009-04-24
·
Updated
2018-10-10
·
CVE-2009-1408
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
webSPELL version 4.2.0c
Description
The issue allows remote attackers to inject arbitrary web script or HTML via Javascript events, such as
onmouseover, in nested BBcode tags. This can be demonstrated using tags like email, img, and url.Recommendations
For webSPELL version 4.2.0c, consider disabling the use of nested BBcode tags or restricting Javascript events like
onmouseover to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Webspell