Required CVE Record Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in models.parser in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to inject arbitrary web script or HTML via crafted BBcode (1) img or (2) url tags, which are not properly handled when a post is viewed.
References 4 Total
- exchange.xforce.ibmcloud.com: pyforum-bbcodetag-xss(54855) vdb-entry
- osvdb.org: 61051 vdb-entry
- secunia.com: 37764 third-party-advisory
- securityfocus.com: 20091215 [BMSA-2009-08] Multiple Vulnerabilities in PyForum mailing-list
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- exchange.xforce.ibmcloud.com: pyforum-bbcodetag-xss(54855) vdb-entryx_transferred
- osvdb.org: 61051 vdb-entryx_transferred
- secunia.com: 37764 third-party-advisoryx_transferred
- securityfocus.com: 20091215 [BMSA-2009-08] Multiple Vulnerabilities in PyForum mailing-listx_transferred