Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1408

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-1408
Last Modified 24 Apr 2009 12:00:00
Published 24 Apr 2009 10:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1408

Summary

Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags, as demonstrated using (1) email, (2) img, and (3) url tags.

Vulnerable Systems

Application

  • Webspell 4.2.0c


References

CONFIRM - http://www.webspell.org/index.php?site=news_comments&newsID=126&lang=uk

CONFIRM - http://www.webspell.org/index.php?site=files&file=25

BID - 34595

XF - webspell-bbcode-xss(49937)

BUGTRAQ - 20090416 webSPELL 4.2.0c XSS (BYPASS BBCODE) COOKIES STEALING VULNERABILITY

MILW0RM - 8453

SECUNIA - 34764

OSVDB - 53782


Last Updated: 27 May 2016 10:50:33