Snitz Forums 2000 does not adequately check "IMG" tag "SRC" attributes and thus contains cross-site scripting vulnerability.
An attacker may perform arbitrary commands with the privileges and identity of other users of the Snitz Forums installation.
Upgrade to version 3.3.04 or later of Snitz Forums 2000. For more information, see
Thanks to Joshua Hiller for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
|Date First Published:||2002-06-13|
|Date Last Updated:||2002-06-13 00:24 UTC|