PT-2010-1461 · Webee · Webee Comments
Published
2010-02-22
·
Updated
2010-02-23
·
CVE-2009-4651
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Webee Comments (com webeecomment) versions 1.1.1 through 2.0
Description
The issue allows remote attackers to inject arbitrary web script or HTML via the
color, img, or url BBCode tags. This can lead to cross-site scripting (XSS) attacks.Recommendations
For versions 1.1.1 through 2.0, update to a version that fixes the XSS vulnerabilities in the BBCode tags.
As a temporary workaround, consider restricting the use of the
color, img, and url BBCode tags until a patch is available.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Webee Comments