Description
TrustWave SpiderLabs has discovered a vulnerability in The Bug Genie, which can be exploited by malicious users to conduct script insertion attacks.
Input related to file attachments is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is viewed.
Successful exploitation of this vulnerability requires file attachments to be enabled.
The vulnerability is confirmed in version 3.2.6. Other versions may also be affected.