Vulnerability Note VU#132011
Snitz Forums 2000 vulnerable to cross-site scripting via crafted IMG tag
Snitz Forums 2000 does not adequately check "IMG" tag "SRC" attributes and thus contains cross-site scripting vulnerability.
An attacker may perform arbitrary commands with the privileges and identity of other users of the Snitz Forums installation.
Upgrade to version 3.3.04 or later of Snitz Forums 2000. For more information, see
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Snitz Communications||Affected||17 Apr 2002||12 Jun 2002|
CVSS Metrics (Learn More)
Thanks to Joshua Hiller for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
- CVE IDs: Unknown
- Date Public: 28 Feb 2002
- Date First Published: 12 Jun 2002
- Date Last Updated: 12 Jun 2002
- Severity Metric: 3.78
- Document Revision: 10
If you have feedback, comments, or additional information about this vulnerability, please send us email.