Artnana Webboard version 1.4 XSS (Cross-site Scripting) Web Security Vulnerabilities
Exploit Title: Artnana Webboard version 1.4 Multiple XSS Security Vulnerabilities
Vulnerable Versions: version 1.4
Tested Version: version 1.4
Advisory Publication: May 09, 2015
Latest Update: May 09, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Writer and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
(1) Vendor & Product Description:
Product & Vulnerable Versions:
Vendor URL & Download:
Webboard can be obtained from here,
Product Introduction Overview:
"Webboard is Thailand IT company that provide software service. Webboard can make your website easier and convenience. WebBoard is a discussion board where you post messages and participate in discussions with the other people in the course."
(2) Vulnerability Details:
Artnana Webboard web application has a computer security bug problem. It can be exploited by stored XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Several other Artnana products 0-day vulnerabilities have been found by some other bug hunter researchers before. Artnana has patched some of them. FusionVM? Vulnerability Management and Compliance provides sources for the latest info-sec news, tools, and advisories. It has published suggestions, advisories, solutions details related to XSS vulnerabilities.
(2.1) The first programming code flaw occurs at "&keyword" parameter in "search_topic.php?" page.
(2.2) The second programming code flaw occurs at "&keyword" parameter in "search_products.php" page.