Yet Another XSS vulnerabilities


"Yet Another ( 
is an open source discussion forum or bulletin board system
for web sites running ASP.NET. It is ASP.NET based with a
MS SQL backend database.
The full C# source code is available licensed as GPL. "

Several Cross Site Scripting (XSS) vulnerabilities were found.


Due to insufficient input filtering, any user can
insert malicious script code into the "name" and "location" fields
and into the "Subject" field of a PM.
The scripts may, for example, steal the authentication cookies of users
reading messages written by the malicious user.
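
The fix for this class of bug is to HTML-encode the three fields where they are written into the page. The following is an added example, not the forum's own code: the class and method names are hypothetical, the markup is a simplified stand-in, and the test value is a constructed harmless marker.

```csharp
using System;
using System.Net;

static class ForumRender
{
    // "Before": stored field values are concatenated into the page as-is,
    // so markup typed by one user runs in every reader's browser.
    public static string ProfileRowUnsafe(string name, string location) =>
        "<tr><td>" + name + "</td><td>" + location + "</td></tr>";

    public static string PmSubjectUnsafe(string subject) =>
        "<span class=\"subject\">" + subject + "</span>";

    // "After": HTML-encode each value at the point it is written out.
    public static string ProfileRowSafe(string name, string location) =>
        "<tr><td>" + WebUtility.HtmlEncode(name) + "</td><td>" +
        WebUtility.HtmlEncode(location) + "</td></tr>";

    public static string PmSubjectSafe(string subject) =>
        "<span class=\"subject\">" + WebUtility.HtmlEncode(subject) + "</span>";

    // Regression check: the constructed marker must never survive as a tag.
    public static bool ContainsRawTag(string html, string marker) =>
        html.IndexOf(marker, StringComparison.OrdinalIgnoreCase) >= 0;
}

static class Program
{
    static void Main()
    {
        // Constructed test value: a harmless marker used only to see
        // whether markup in a field reaches the page unencoded.
        const string marker = "<script>alert(1)</script>";
        string[] pages =
        {
            ForumRender.ProfileRowUnsafe(marker, "Earth"),
            ForumRender.ProfileRowUnsafe("alice", marker),
            ForumRender.PmSubjectUnsafe(marker),
            ForumRender.ProfileRowSafe(marker, marker),
            ForumRender.PmSubjectSafe(marker),
        };
        foreach (var html in pages)
            Console.WriteLine(
                (ForumRender.ContainsRawTag(html, marker) ? "RAW     " : "ENCODED ") + html);
    }
}
```

The same marker check can be run against the rendered profile and PM pages of a test instance to confirm that all three fields are encoded after a fix.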


Yet Another Version 0.9.9 is vulnerable to this issue.
Prior versions were not tested.


Yet Another's administrator was informed on March 17, 2005.


The vulnerability was researched by Maty Siman ( 

Maty Siman, CISSP
