Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Snitz_forums_2000 | Snitz_communications | 3.0 (including) | 3.0 (including) |
| Snitz_forums_2000 | Snitz_communications | 3.1-sr4 (including) | 3.1-sr4 (including) |
| Snitz_forums_2000 | Snitz_communications | 3.2.03 (including) | 3.2.03 (including) |
| Snitz_forums_2000 | Snitz_communications | 3.3 (including) | 3.3 (including) |
| Snitz_forums_2000 | Snitz_communications | 3.3.01 (including) | 3.3.01 (including) |
| Snitz_forums_2000 | Snitz_communications | 3.3.02 (including) | 3.3.02 (including) |
References
- http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660
- http://marc.info/?l=bugtraq\u0026m=101485184605149\u0026w=2
- http://online.securityfocus.com/archive/1/258981
- http://www.iss.net/security_center/static/8309.php
- http://www.kb.cert.org/vuls/id/132011
- http://www.securityfocus.com/bid/4192
- http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660
- http://marc.info/?l=bugtraq\u0026m=101485184605149\u0026w=2
- http://online.securityfocus.com/archive/1/258981
- http://www.iss.net/security_center/static/8309.php
- http://www.kb.cert.org/vuls/id/132011
- http://www.securityfocus.com/bid/4192