Info

Disclosure

Oct 31, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

ASP Fast Forum contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'error' parameter upon submission to the 'error.asp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Discontinued Product
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Solution

The vendor has discontinued this product and therefore has no patch or upgrade that mitigates this problem. It is recommended that an alternate software package be used in its place.

Products

Aps

ASP Fast Forum

Unknown or Unspecified

References

Bugtraq ID: 15233
Secunia Advisory ID: 17387
CVE ID: 2005-3422 (see also: NVD)
VUPEN Advisory: ADV-2005-2252
Vendor URL: http://www.aspfastforum.com/aspfastforum/ [ Link is 404 ]

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/20398