VULHUB ™

Meunity is a web-based community system that includes a forum. A script injection vulnerability has been reported in the Meunity forum that may allow for theft of cookies, content manipulation and other attacks. According to the report, user-supplied script code is not removed from IMG tags in forum topics. A malicious user may create a topic with script code embedded in an image tag. When other users view the topic, the script code will execute. The code will run in the context of the website domain and may result in a compromise depending on the server/application. Potential attacks include (but are not limited to) theft of session cookies/authentication information, content manipulation and performing unauthorized actions as the target user.

Meunity is a web-based community system that includes a forum. A script injection vulnerability has been reported in the Meunity forum that may allow for theft of cookies, content manipulation and other attacks. According to the report, user-supplied script code is not removed from IMG tags in forum topics. A malicious user may create a topic with script code embedded in an image tag. When other users view the topic, the script code will execute. The code will run in the context of the website domain and may result in a compromise depending on the server/application. Potential attacks include (but are not limited to) theft of session cookies/authentication information, content manipulation and performing unauthorized actions as the target user.