Help - Search - Members - Calendar
Full Version: Small security bugs or it already fixed?
Invision Power Services > Community Forums > Community General Chat
Oska
Jul 27 2005, 05:58 AM
QUOTE(russian seciruty lab)
Possible XSS:

1. Vulnerability exists in a field "msg_title" in personal messages...:

"><script>alert()</script>

2. Vulnerability exists at processing BB tags. The user can to execute by means of specially generated message any HTML leather in a browser of a victim.

Examples:

[pīst=[tīpic=100]
Click me!
[/tīpic]]
Click me!
[/pīst]


It already fixed in IPB 2.0.4 or this small bugs?
Oska
Aug 21 2005, 06:39 PM
Bump. It really bugs or it not security bugs?
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2008 Invision Power Services, Inc.