YaBB (Yet Another Bulletin Board) is freely available web forum software written in Perl. YaBB will run on most Unix/Linux variants, MacOS, and Microsoft Windows 9x/ME/NT/2000/XP platforms. Versions of YaBB are subject to a script injection issue via Flash files. YaBB permits users to upload Flash content; however, a Flash file can be crafted so that malicious JavaScript is included in the getURL action. If a user views a post containing the maliciously crafted Flash file, the JavaScript included in the getURL action will execute within the context of the site running YaBB. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of YaBB.
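An upload-time check for the getURL issue described above, written for this page as an added example and not taken from YaBB: it walks the tags of an SWF file and reports every getURL target that is not an absolute http(s) URL. The allow-list policy and all function names are assumptions, and only DoAction, DoInitAction and DefineSprite tags are inspected.

```python
import struct
import zlib

DO_ACTION, DEFINE_SPRITE, DO_INIT_ACTION = 12, 39, 59
ACTION_GET_URL, ACTION_GET_URL2 = 0x83, 0x9A
ALLOWED_SCHEMES = ("http://", "https://")     # assumed forum policy

def swf_tag_stream(data):
    if data[:3] not in (b"FWS", b"CWS"):
        raise ValueError("not an FWS/CWS Flash file")
    rest = zlib.decompress(data[8:]) if data[:3] == b"CWS" else data[8:]
    nbits = rest[0] >> 3                      # FrameSize RECT: 5-bit width + 4 fields
    return rest[(5 + 4 * nbits + 7) // 8 + 4:]  # also skip FrameRate, FrameCount

def iter_tags(buf):
    pos = 0
    while pos + 2 <= len(buf):
        (hdr,) = struct.unpack_from("<H", buf, pos)
        code, length, pos = hdr >> 6, hdr & 0x3F, pos + 2
        if length == 0x3F:                    # long header: 32-bit length follows
            (length,) = struct.unpack_from("<I", buf, pos)
            pos += 4
        yield code, buf[pos:pos + length]
        pos += length

def get_urls(actions):
    pos = 0
    while pos < len(actions) and actions[pos] != 0:   # 0x00 = ActionEnd
        code, pos = actions[pos], pos + 1
        if code >= 0x80:                      # actions >= 0x80 carry a 16-bit length
            (length,) = struct.unpack_from("<H", actions, pos)
            payload, pos = actions[pos + 2:pos + 2 + length], pos + 2 + length
            if code == ACTION_GET_URL:        # payload: UrlString\0 TargetString\0
                yield payload.split(b"\0")[0].decode("latin-1")
        if code == ACTION_GET_URL2:           # URL built at run time: cannot be vetted
            yield "<runtime-computed URL>"

def rejected_urls(data):
    """Return every getURL target in the file that is not absolute http(s)."""
    bad = []
    def walk(tags):
        for code, body in iter_tags(tags):
            if code == DEFINE_SPRITE:         # sprite id + frame count, then nested tags
                walk(body[4:])
            elif code in (DO_ACTION, DO_INIT_ACTION):
                acts = body[2:] if code == DO_INIT_ACTION else body
                bad.extend(u for u in get_urls(acts)
                           if not u.strip().lower().startswith(ALLOWED_SCHEMES))
    walk(swf_tag_stream(data))
    return bad
```

An upload handler would refuse the file when `rejected_urls` returns a non-empty list or raises (truncated or malformed input); actions attached to buttons are not covered by this check.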