YaBB Shadow BBCode Tag XSS

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server contains a CGI application that is prone to
cross-site scripting attacks.

Description :

The remote host is using the YaBB web forum software.

According to its version number, the remote version of this software
is vulnerable to JavaScript injection through the shadow or glow
BBCode tags. An attacker may be able to inject hostile JavaScript into
the forum system to steal cookie credentials or misrepresent site
content. When the form is submitted, the malicious JavaScript is
incorporated into dynamically generated content.

Solution :

Upgrade to YaBB 1 Gold SP 1.4 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 15859

Bugtraq ID: 11764

