Ikonboard X-Forwarded-For: Proxy...

Published: 2002-12-09
Revised: 2025-04-13

Ikonboard is prone to HTML injection via the X-Forwarded-For: HTTP header field set by proxies. When Ikonboard is accessed through a proxy, it logs the address that appears in the X-Forwarded-For: header field as the user's IP address. The header value is not sanitized for HTML when it is logged. When an administrator views the logged IP address, script code supplied in a malicious X-Forwarded-For: header field is executed in the administrator's web client. Although the data taken from the header field is limited to 16 characters, it may be possible to embed malicious script code or HTML over multiple requests. This issue was reported in Ikonboard 3.1.1. Other versions may also be affected.
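A defensive sketch of the logging path described above, added here as an illustration and not Ikonboard's own code (Ikonboard is written in Perl; Python is used so the example can be run directly). The function names, the length limit and the sample values are assumptions constructed for this example.

```python
import html
import ipaddress

MAX_LEN = 45  # assumption: longest textual IPv6 address


def client_ip_for_log(xff_header, peer_addr):
    """Return the value to store as the client address.

    The first X-Forwarded-For entry is used only if it parses as an IP
    address; anything else falls back to the TCP peer address. The header
    is still client-controlled, so the result is a hint, not an identity.
    """
    if xff_header:
        candidate = xff_header.split(",")[0].strip()
        # '%' introduces an IPv6 scope id, which may hold arbitrary text.
        if len(candidate) <= MAX_LEN and "%" not in candidate:
            try:
                return str(ipaddress.ip_address(candidate))
            except ValueError:
                pass
    return str(ipaddress.ip_address(peer_addr))


def render_log_rows(stored_values):
    """Admin log view: escape each stored value on output, so rows written
    before input validation existed are rendered as inert text."""
    return "\n".join(
        "<tr><td>{}</td></tr>".format(html.escape(v, quote=True))
        for v in stored_values
    )


if __name__ == "__main__":
    # Constructed sample requests: (X-Forwarded-For value, peer address)
    samples = [
        ("203.0.113.7", "192.0.2.1"),
        ("198.51.100.4, 10.0.0.1", "192.0.2.1"),
        ("<i>abc", "192.0.2.1"),   # markup instead of an address
        (None, "192.0.2.1"),       # no proxy header present
    ]
    for xff, peer in samples:
        print(repr(xff), "->", client_ip_for_log(xff, peer))
    # Two legacy rows holding markup fragments stay inert when escaped.
    print(render_log_rows(["<i>abc", "def</i>"]))
```

Validation on input and escaping on output are applied independently: the first keeps markup out of new log rows, the second covers values already stored, including fragments spread across several short entries.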

No exploit or PoC available
Currently 0 affected product records