e107 CMS 0.7.2 Chatbox plugin XSS vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: e107 CMS 0.7.2 Chatbox plugin XSS vulnerability
From: ssteam.pl@xxxxxxxxx
Date: Sat, 18 Feb 2006 10:08:35 +0100
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:date:to:subject:message-id:mime-version:content-type:content-disposition:user-agent:from; b=dtoZ4eFs10s6ov6FPBvvZry+KsC6lY+B97nidCntLrcmSEJ6xko9rjvirsqb5mv2RCZ5JOdCPMJ12NsJwvwLrn6LlI3S9zUGhbhQswwkvqwKdf3SWoO0Pm3KJroOG3d51xl2y5p91G/uLFUuGpWn8W06y3fzek4Cz1BKlAQmfsc=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mutt/1.5.9i

Software:         e107 CMS 0.7.2
Software Details: Chatbox Plugin v1.0
Class:            Remote
Type:             XSS


========== Desription ===========
XSS vulnerability exists in  e107 0.7.2  CMS.
user input is not correctly sanitized in Chatbox Plugin v1.0.



========== Exploit =============
just paste sample code to a Chatbox:
<script>alert("xss vuln found by ssteam")</script>



Discovered by: marc & shb  (ssteam.pl@xxxxxxxxx)

Regards,
marc & shb

Prev by Date: Coppermine Photo Gallery <=1.4.3 remote code execution
Next by Date: Tasarim Rehberi Index.PHP Remote Command Exucetion
Previous by thread: Coppermine Photo Gallery <=1.4.3 remote code execution
Next by thread: Tasarim Rehberi Index.PHP Remote Command Exucetion
Index(es):
- Date
- Thread