HTTP: MercuryBoard PM Tile Injection
This signature detects attempts to exploit a known vulnerability against MercuryBoard, an online message board application. Attackers can craft a malicious script in the title field of a private message, which once viewed, can enable the attacker to steal authentication credentials from the affected host.
Extended Description
MercuryBoard is affected by an HTML injection vulnerability. The issue affects the 'title' field when a PM is sent to a user and may be exploited to execute arbitrary HTML and script code in the browser of a user when the user views the PM. MercuryBoard 1.1.2 is affected by this issue. It is likely that this issue affects prior versions as well.
Affected Products
Mercuryboard message_board
Short Name
HTTP:XSS:MERCURY-BOARD
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2005-0878 Injection MercuryBoard PM Tile bid:12872
Release Date
04/19/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Mercuryboard
CVSS Score
4.3