|
Description
|
|
Henry Hoggard has discovered multiple vulnerabilities in the AboutMe plugin for Vanilla Forums, which can be exploited by malicious users to conduct script insertion attacks.
Input passed via the "AboutMe/RealName", "AboutMe/Name", "AboutMe/Quote", "AboutMe/Loc", "AboutMe/Emp", "AboutMe/JobTit", "AboutMe/HS", "AboutMe/Col", "AboutMe/Bio", "AboutMe/Inter", "AboutMe/Mus", "AboutMe/Gam", "AboutMe/Mov", "AboutMe/FTV", "AboutMe/Bks" parameters to the "Edit My Details" page is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.
The vulnerabilities are confirmed in version 1.1.1. Other versions may also be affected.
|
