Key Information

Vulnerability Name: Foxrum BBCode XSS Vulnerability
CVE ID: CVE-2006-0156
CWE ID: CWE-79
CVSS Base Score: 4.3/10
Exploitability Subscore: 8.6/10
Impact Subscore: 2.9/10
Risk: Low
Published: 2006.01.10

Software: Foxrum
Software's Web Site: http://www.foxrum.fr.st/
Versions: 4.0.4f
Critical Level: Harmless
Type: Cross-Site Scripting
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
eVuln ID: EV0020

Description:
- Arbitrary script code insertion is possible in BBCode.
- Vulnerable Scripts: addpost1.php addtopic1.php
- BBCode is not properly sanitized. This can be used to post arbitrary script code.

Exploit:
- BBCode Example:

Solution:
- Disable BBCode

Credit:
- Original Advisory: http://evuln.com/vulns/20/summary.html
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
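
Added example, not part of the original advisory and not Foxrum code: one way to render BBCode so that posted input cannot become script, by escaping all HTML first and then expanding only an allow-list of tags. The function names render_bbcode and safe_url, the supported tag set, and the sample posts are assumptions made for illustration.

```php
<?php
// Added example, not Foxrum code: allow-list BBCode renderer.
// Function names and the supported tag set are assumptions for illustration.

function safe_url(string $escaped): ?string
{
    // The input was already HTML-escaped; decode it to inspect the real URL.
    $url = trim(htmlspecialchars_decode($escaped, ENT_QUOTES));
    // Reject empty values and control/space characters inside the URL.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }
    return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_bbcode(string $post): string
{
    // 1. Neutralise every HTML metacharacter before any tag is expanded.
    $html = htmlspecialchars($post, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Parameterless tags map to fixed markup; no user data enters a tag.
    foreach (['b' => 'strong', 'i' => 'em', 'u' => 'u'] as $bb => $tag) {
        $html = preg_replace("#\[{$bb}\](.*?)\[/{$bb}\]#is", "<{$tag}>\$1</{$tag}>", $html);
    }

    // 3. [url=...] is the only tag whose parameter reaches an attribute,
    //    so the parameter is validated against http/https and re-escaped.
    $html = preg_replace_callback(
        '#\[url=([^\]\s]+)\](.*?)\[/url\]#is',
        function (array $m): string {
            $href = safe_url($m[1]);
            // Invalid URL: keep the escaped source text instead of emitting a link.
            return $href === null
                ? $m[0]
                : '<a href="' . $href . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $html
    );
    return $html;
}

// Constructed sample posts (not the advisory's BBCode example).
echo render_bbcode('[b]hi[/b] <script>alert(1)</script>'), "\n";
echo render_bbcode('[url=javascript:alert(1)]x[/url] [url=https://example.org/?a=1&b=2]ok[/url]'), "\n";
```

Escaping before tag expansion means the only markup in the output is what the renderer itself emits; a rejected [url] parameter is shown as inert escaped text rather than dropped silently.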