CVE-2002-1459

Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the Enable HTML in messages option is off, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, and (3) Subject.

Affected Software

References

• http://archives.neohapsis.com/archives/bugtraq/2002-08/0115.html
• http://sourceforge.net/tracker/download.php?group_id=53716\u0026atid=471343\u0026file_id=26687\u0026aid=579278
• http://sourceforge.net/tracker/index.php?func=detail\u0026aid=579278\u0026group_id=53716\u0026atid=471343
• http://www.iss.net/security_center/static/9838.php
• http://www.securityfocus.com/bid/5462
• http://archives.neohapsis.com/archives/bugtraq/2002-08/0115.html
• http://sourceforge.net/tracker/download.php?group_id=53716\u0026atid=471343\u0026file_id=26687\u0026aid=579278
• http://sourceforge.net/tracker/index.php?func=detail\u0026aid=579278\u0026group_id=53716\u0026atid=471343
• http://www.iss.net/security_center/static/9838.php
• http://www.securityfocus.com/bid/5462