Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web BBS :: etc :: thredit1.txt

Thread-IT Message Board XSS Vulnerability

Thread-IT Message Board XSS Vulnerability

Published: 24 September 2003

Released: 24 September 2003

Affected Systems: Thread-IT Message Board

Vendor: <>

Issue: Remote attackers can inject XSS script. 


"Thread-IT is a simple message board product that uses classic ASP scripts and an Access database. Installation of this product is simple even for people that have no ASP scripting experience."


It's possibile to inject XSS script in the Topic Title, Name and Message fields. 


">&lt;script&gt; this code will hide every thing after it including the the board topics if any attacker write it in the topic title.

&lt;script&gt;"URL");&lt;/script&gt; this code will open a new window when the board loaded.


The vendor has been contacted and a patch is not yet produced.


Filter all variables. 

Discovered by / credit:

Bahaa Naamneh <>

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH