Secunia
Login
|
|
Secunia Research: MercuryBoard "title" Script Insertion Vulnerability |
|
======================================================================
Secunia Research 23/03/2005
- MercuryBoard "title" Script Insertion Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10
======================================================================
1) Affected Software
MercuryBoard 1.1.2
Other versions may also be affected.
======================================================================
2) Severity
Rating: Less critical
Impact: Cross-Site Scripting
Where: From remote
======================================================================
3) Vendor's Description of Software
MercuryBoard is a powerful message board system dedicated to raw
speed with a mixture of features, ease of use, and ease of
customization coupled with expandability, and diverse language
services.
======================================================================
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in MercuryBoard,
which can be exploited by malicious users to conduct script insertion
attacks.
Input passed to the "title" field when sending a PM to another user
is not properly sanitised before being used. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site when the malicious PM is viewed.
The vulnerability has been confirmed in version 1.1.2. Prior
versions may also be affected.
======================================================================
5) Solution
Update to version 1.1.3.
http://www.mercuryboard.com/index.php?a=downloads
======================================================================
6) Time Table
26/01/2005 - Vulnerability discovered.
26/01/2005 - Vendor notified.
09/03/2005 - Vendor confirms the vulnerability.
20/03/2005 - Vendor issued fixed version.
23/03/2005 - Public disclosure.
======================================================================
7) Credits
Discovered by Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
candidate number CAN-2005-0878 for the vulnerability.
======================================================================
9) About Secunia
Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia web site:
http://secunia.com/
Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/secunia_security_advisories/
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia web site:
http://secunia.com/secunia_research/2004-18/advisory/
======================================================================
|
|
