Title: O'Reilly WebBoard Pager Hostile JavaScript Vulnerability
Severity: MODERATE
Description:
O'Reilly WebBoard is a conferencing, forum, threaded discussion and real-time chat server.
Versions of WebBoard are vulnerable to a JavaScript code execution bug which may allow a remote denial of service against a target WebBoard user's system.
An attacker can compose a message in WebBoard's interactive messaging (paging) function, containing certain escape characters and JavaScript commands, and send the page to a target user. Upon receiving the message, the target client will improperly execute the JavaScript embedded in the page, which could result in the appearance of multiple message windows.
This problem could lead to the consumption of resources on a target users system, resulting in slow operation of the target users system, or potentially a system crash from resource starvation.
WebBoard is no longer supported by O'Reilly, it is currently maintained by ChatSpace, Inc.
Affected Products:
- OReilly Software WebBoard 4.10.30
References:
- ChatSpace: WebBoard Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
