Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags, as demonstrated using (1) email, (2) img, and (3) url tags.
References
Link | Resource |
---|---|
http://osvdb.org/53782 | |
http://secunia.com/advisories/34764 | Vendor Advisory |
http://www.securityfocus.com/archive/1/502732/100/0/threaded | |
http://www.securityfocus.com/bid/34595 | Exploit Patch |
http://www.webspell.org/index.php?site=files&file=25 | Patch Vendor Advisory |
http://www.webspell.org/index.php?site=news_comments&newsID=126&lang=uk | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/49937 | |
https://www.exploit-db.com/exploits/8453 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-04-24T14:00:00
Updated: 2018-10-10T18:57:01
Reserved: 2009-04-24T00:00:00
Link: CVE-2009-1408
JSON object: View
NVD Information
Status : Modified
Published: 2009-04-24T14:30:00.407
Modified: 2018-10-10T19:36:44.877
Link: CVE-2009-1408
JSON object: View
Redhat Information
No data.
CWE