TITLE:
NavBoard Potential BBcode Script Insertion Vulnerability

SECUNIA ADVISORY ID:
SA18345

VERIFY ADVISORY:
http://secunia.com/advisories/18345/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
Navboard v1x
http://secunia.com/product/6758/

DESCRIPTION:
Aliaksandr Hartsuyeu has discovered a vulnerability in NavBoard, which potentially can be exploited by malicious people to conduct script insertion attacks.

Input passed via certain BBcode tags (e.g. url) isn't properly sanitised before being used. This can be exploited to inject arbitrary JavaScript code, which will be executed in a user's browser session in context of an affected site when a malicious link with the "JavaScript" URI handler is followed from a malicious message.

Example:
[url=javascript:[code]]title[/url]

Successful exploitation requires that the Administrator has defined some BBcode tags that can be used in forum posts. This is not defined by default in version V16.

The vulnerability has been confirmed in version V16 (2.6.0) and also reported in version V17 beta2.

SOLUTION:
Do not allow the use of BBcode tags or edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Aliaksandr Hartsuyeu

ORIGINAL ADVISORY:
http://evuln.com/vulns/19/summary.html
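
One way to carry out the "edit the source code" option from the SOLUTION section, shown as an added example that is not NavBoard's code and not part of the advisory: a PHP renderer for the url tag that escapes the whole post first and only turns http and https URLs into links. The function names, the allowlist and the sample posts are assumptions made for illustration.

```php
<?php
// Added example with hypothetical helper names; not NavBoard source code.

const ALLOWED_SCHEMES = ['http', 'https'];

/** Return a linkable href, or null if the URL must not become a link. */
function safe_href(string $url): ?string
{
    // Drop whitespace and control characters before inspecting the scheme.
    $url = (string) preg_replace('/[\x00-\x20\x7f]+/', '', $url);
    // Require an explicit scheme so the check is an allowlist, not a blocklist.
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)) {
        return null;
    }
    if (!in_array(strtolower($m[1]), ALLOWED_SCHEMES, true)) {
        return null;
    }
    return $url;
}

/** Render [url=...]title[/url] tags in a forum post to HTML. */
function render_url_tags(string $post): string
{
    // Escape everything first, so the URL and title are already attribute-safe.
    $escaped = htmlspecialchars($post, ENT_QUOTES, 'UTF-8');
    return (string) preg_replace_callback(
        '/\[url=(.*?)\](.*?)\[\/url\]/is',
        function (array $m): string {
            $href = safe_href($m[1]);
            if ($href === null) {
                return $m[0]; // rejected: keep the tag as inert, escaped text
            }
            return '<a href="' . $href . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $escaped
    );
}

// Constructed sample posts; the second is the advisory's own example string.
$samples = [
    '[url=https://example.org/?a=1&b=2]docs[/url]',
    '[url=javascript:[code]]title[/url]',
    '[url=JavaScript:[code]]title[/url]',
];
foreach ($samples as $s) {
    echo render_url_tags($s), PHP_EOL;
}
```

Only the first sample is emitted as an anchor element; the other two come back as escaped plain text because their scheme is not on the allowlist.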