BBCode URL Tag Script Injection "Shoutbox" PHP Fusion 9.0.36 #2329
Comments
lol you really don't trust your administrators 😂
@RobiNN1 Thank you.
No need, issue is confirmed.
Songohan22 changed the title: BBCode URL Tag Script Injection "Shoutbox Admin" PHP Fusion 9.0.36 → BBCode URL Tag Script Injection "Shoutbox" PHP Fusion 9.0.36 (May 18, 2020)
@RobiNN1,
Hi @RobiNN1
Describe the bug
BBCode URL Tag Script Injection "Shoutbox Admin"
To Reproduce
Steps to reproduce the behavior:
[url]https://nvd.nist.gov?[url] onmousemove=javascript:alert(String.fromCharCode(88,83,83));//[/url][/url]
Impact
An attacker can use this vulnerability to redirect users to other malicious websites, which can be used for phishing and similar attacks.
Video POC
Video POC link: https://drive.google.com/open?id=1g9x6B-K338qnzHjWtbEHCadpyPLx-daX
Desktop (please complete the following information):
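A defensive rendering for the `[url]` tag, as an added example that is not PHP-Fusion's code or its fix: escape the whole message first, convert only innermost `[url]…[/url]` pairs, and accept only http/https targets. The function names and the scheme allowlist are assumptions; the first sample is the string from the reproduction step, the second is constructed.

```php
<?php
// Added example (hypothetical helper names), not code from the project.
const ALLOWED_SCHEMES = ['http', 'https'];

// Returns the URL if it is safe to place in an href, otherwise null.
function safe_href(string $escaped): ?string
{
    // Undo the earlier htmlspecialchars() so validation sees the raw URL.
    $url = trim(htmlspecialchars_decode($escaped, ENT_QUOTES));
    // Reject characters that could end the attribute or start a new one.
    if ($url === '' || preg_match('/[\s"\'<>`\[\]\x00-\x1f\x7f]/', $url)) {
        return null;
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ALLOWED_SCHEMES, true)) {
        return null; // blocks javascript:, data:, and scheme-less input
    }
    return $url;
}

function render_url_bbcode(string $text): string
{
    // Escape first, so user text can never become markup on its own.
    $escaped = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // Match only [url] pairs with no bracket inside: nested tags are never
    // spliced into an attribute of an outer <a> element.
    return preg_replace_callback(
        '~\[url\]([^\[\]]*)\[/url\]~i',
        function (array $m): string {
            $href = safe_href($m[1]);
            if ($href === null) {
                return $m[0]; // leave as inert, already-escaped text
            }
            $attr = htmlspecialchars($href, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            return '<a href="' . $attr . '" rel="nofollow noopener ugc">' . $attr . '</a>';
        },
        $escaped
    );
}

// Sample inputs: the issue's reproduction string and a constructed benign link.
$samples = [
    '[url]https://nvd.nist.gov?[url] onmousemove=javascript:alert(String.fromCharCode(88,83,83));//[/url][/url]',
    '[url]https://nvd.nist.gov/?a=1&b=2[/url]',
];
foreach ($samples as $s) {
    echo render_url_bbcode($s), PHP_EOL;
}
```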