Signature Detail
Short Name |
HTTP:XSS:MERCURY-BOARD |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
MercuryBoard PM Tile Injection |
Release Date |
2005/04/19 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: MercuryBoard PM Tile Injection
This signature detects attempts to exploit a known vulnerability against MercuryBoard, an online message board application. Attackers can craft a malicious script in the title field of a private message, which once viewed, can enable the attacker to steal authentication credentials from the affected host.
Extended Description
MercuryBoard is affected by an HTML injection vulnerability. The issue affects the 'title' field when a PM is sent to a user and may be exploited to execute arbitrary HTML and script code in the browser of a user when the user views the PM. MercuryBoard 1.1.2 is affected by this issue. It is likely that this issue affects prior versions as well.
Affected Products
- MercuryBoard Message Board 1.0.0
- MercuryBoard Message Board 1.0.1
- MercuryBoard Message Board 1.0.2
- MercuryBoard Message Board 1.1.0
- MercuryBoard Message Board 1.1.1
- MercuryBoard Message Board 1.1.2
References
- BugTraq: 12872
- CVE: CVE-2005-0878