source: http://www.securityfocus.com/bid/4953/info Splatt Forum does not filter HTML from image tags. This may allow an attacker to inject arbitrary script code in forum messages. Injected script code will be executed in the browser of an arbitrary web user who views the malicious forum message, in the context of the website running Splatt Forum. This may potentially be exploited to hijack web content or steal cookie-based authentication credentials from legitimate users. [img]http://a.a/a"onerror="javascript:alert(document.cookie)[/img]
Related Exploits
Trying to match CVEs (1): CVE-2002-0959Trying to match OSVDBs (1): 9233
Other Possible E-DB Search Terms: Splatt Forum 3.0, Splatt Forum
Date | D | V | Title | Author |
---|---|---|---|---|
2003-07-15 |
![]() |
Splatt Forum 3/4 - Post Icon HTML Injection | Lethalman | |
2003-03-12 |
![]() |
PHP-Nuke Splatt Forum 3.2 Module - Full Path Disclosure | Rynho Zeros... | |
2003-05-01 |
![]() |
PHP-Nuke Splatt Forum 4.0 Module - Cross-Site Scripting | Morning Wood | |
2003-05-01 |
![]() |
PHP-Nuke Splatt Forum 4.0 Module - HTML Injection | Morning Wood |