| VID |
21423 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Aztek Forum has a 'forum_2.php' script Cross-site Scripting Vulnerability.
Aztek Forum is a freely available French forum. Several versions of Aztek Forum are vulnerable to a cross-site scripting vulnerability, caused by a failure of the application to properly validate user-supplied input in the 'forum_2.php' file. A remote attacker could create a specially crafted URL link to the 'forum_2.php' scripts containing malicious script code in 'return' variable, and then could persuade a target user to click it. Once the URL is clicked, the embedded codes would be executed in the victim's Web browser. A remote attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
* References:
http://securitytracker.com/alerts/2004/Nov/1012213.html
http://www.osvdb.org/displayvuln.php?osvdb_id=11704
* Platforms Affected:
Aztek Forum Any version
Any operating system Any version |
| Recommendation |
No upgrade or patch available as of June 2014.
Upgrade to the new version of Aztek Forum, when new version fixed this problem becomes available from the Aztek Forum Web Site at http://www.forum-aztek.com/ |
| Related URL |
CVE-2004-2725 (CVE) |
| Related URL |
11654 (SecurityFocus) |
| Related URL |
18057 (ISS) |
|
