email XSS Vulnerability in Foro Domus

Summary

Vulnerability: email XSS Vulnerability in Foro Domus
Discovered: 2006.01.06
Last Update: n/a
ID: EV0016
CVE: CVE-2006-0110
Risk Level: low
Type: Cross Site Scripting
Status: Unpatched
Vendor: n/a
Vulnerable Software: Foro Domus (http://domus.sourceforge.net/)
Version: 2.10
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

A Cross Site Scripting vulnerability was found in a Foro Domus (http://domus.sourceforge.net/) script.

Vulnerable script: escribir.php

The $email variable is not properly sanitized. This can be used to post arbitrary script code, which will then be executed in the browser of every visitor who views the post.
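The general mitigation for this class of bug is to validate the address on input and encode it for the context it is written into on output. The following is an added illustration of that pattern, not Foro Domus code and not a vendor patch; the function names, and the assumption that escribir.php writes the address into both an HTML attribute and a JavaScript string, are this example's own.

```php
<?php
// Added example (not Foro Domus code): validate a submitted e-mail address
// on input and encode it per output context, which is what the advisory
// says escribir.php fails to do for $email. Function names are assumed.

declare(strict_types=1);

/**
 * Input validation: return the trimmed address when it is a syntactically
 * valid e-mail address, or null otherwise. Values containing quotes,
 * semicolons or spaces (as in the advisory's PoC) are rejected here.
 */
function validateEmail(string $raw): ?string
{
    $email = trim($raw);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $email;
}

/**
 * Output encoding for HTML body text and attribute values. ENT_QUOTES
 * encodes both ' and ", so the value is safe inside single- or
 * double-quoted attributes as well as in element content.
 */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Output encoding for a JavaScript string literal inside <script>.
 * json_encode produces a quoted literal, and the HEX flags ensure no
 * raw ', ", <, > or & survives, so the value can neither terminate the
 * string literal nor close the script element.
 */
function escapeJs(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
    );
}

/**
 * Render the author's address into the page. Returns the HTML fragment,
 * or null when the address fails validation so the caller can reject
 * the request (HTTP 400) instead of storing the value.
 */
function renderEmail(string $submitted): ?string
{
    $email = validateEmail($submitted);
    if ($email === null) {
        return null;
    }
    // Vulnerable pattern (what the advisory describes), shown for contrast:
    //   return "<script>var mail='" . $submitted . "';</script>";
    // Hardened pattern: encode for the HTML attribute and text contexts,
    // and separately for the JavaScript string context.
    $safe = escapeHtml($email);
    return '<a href="mailto:' . $safe . '">' . $safe . '</a>'
        . '<script>var mail=' . escapeJs($email) . ';</script>';
}

// Constructed inputs: a normal address and a value shaped like the
// advisory's PoC (URL-decoded). The latter is rejected at validation.
$good = renderEmail('user@example.org');
$bad  = renderEmail("e@'; alert(123); var dss='h.co");

echo $good, PHP_EOL;                         // encoded anchor and script
echo var_export($bad === null, true), PHP_EOL; // true: PoC value rejected
```

Validation alone is not sufficient: an address that passes FILTER_VALIDATE_EMAIL may still contain characters such as `<` or `'` inside a quoted local part, which is why the output is encoded regardless of the input check, and why the JavaScript context uses json_encode rather than htmlspecialchars.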

PoC/Exploit

Example URL:
http://host/domus/escribir.php?domus=ae29cf4d3f2dc42241e387d39b4126e2&hilo=1&padre=1&categoria=General&n=&usario=username&email=e@';%20alert(123);%20var%20dss='h.co&asunto=blabla&texto=anytext&accion=enviar

Solution

A solution for "email XSS Vulnerability in Foro Domus" is not available. Check the vendor's website for updates.