J-Security Center

Title: Prospero Message Board Cross-Agent Scripting Vulnerability

Severity: HIGH

Description:

Prospero Message Boards are a web-based messaging system supporting communities and forums.

Prospero includes the option to post HTML-formatted messages. Script commands are not properly filtered from these messages, allowing a malicious poster to inject JavaScript commands into posts. When such a post is viewed by other users, the script executes within the context of the hosting web page. This may lead to the theft of cookies or to other forms of cross-agent scripting attacks.

It has been reported that Prospero uses cookies for user authentication, opening the possibility that this vulnerability could be used to hijack user accounts.

Affected Products:

  • Prospero Technologies Message Boards 0.0.0
