Ikonboard is a web-based bulletin board package implemented in Perl. It may be installed under Linux, Windows, or many Unix platforms. Versions of Ikonboard are subject to a script injection issue via Flash files. Ikonboard permits users to upload Flash content; however, a Flash file can be crafted so that malicious JavaScript is included in the getURL action. If a user views a post containing the maliciously crafted Flash file, the JavaScript included in the getURL action will execute within the context of the site running Ikonboard. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of Ikonboard.
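An upload-side check for the getURL issue described above, as an added example (not Ikonboard code and not part of the original advisory): it walks an SWF file's DoAction, DoInitAction and DefineSprite tags and reports any getURL whose URL falls outside an allowlist. All function names and the http/https-only policy are assumptions, and `make_sample` builds a constructed test file with a harmless placeholder URL.

```python
import struct, zlib

DO_ACTION, DEFINE_SPRITE, DO_INIT_ACTION = 12, 39, 59   # SWF tag codes
GET_URL, GET_URL2 = 0x83, 0x9A                          # SWF action codes
ALLOWED = ("http://", "https://")   # assumed upload policy, not Ikonboard's

def tag_stream(data):
    """Return the tags that follow the SWF header (FWS or zlib CWS)."""
    if data[:3] == b"CWS":
        data = data[:8] + zlib.decompress(data[8:])
    elif data[:3] != b"FWS":
        raise ValueError("not an FWS/CWS file")
    rect_len = (5 + 4 * (data[8] >> 3) + 7) // 8   # RECT: 5-bit size, 4 fields
    return data[8 + rect_len + 4:]                 # skip frame rate and count

def actions(buf):  # yield (code, payload) per action record until ActionEnd
    i = 0
    while i < len(buf) and buf[i] != 0:
        code, n = buf[i], 0
        if code >= 0x80:                           # long form has a length
            n = struct.unpack_from("<H", buf, i + 1)[0]
            i += 2
        yield code, buf[i + 1:i + 1 + n]
        i += 1 + n

def findings(tags):
    """Report getURL actions that violate the policy, recursing into sprites."""
    out, i = [], 0
    while i + 2 <= len(tags):
        hdr = struct.unpack_from("<H", tags, i)[0]
        code, n, i = hdr >> 6, hdr & 0x3F, i + 2
        if n == 0x3F:                              # long tag header
            n, i = struct.unpack_from("<I", tags, i)[0], i + 4
        body, i = tags[i:i + n], i + n
        if code == DEFINE_SPRITE:
            out += findings(body[4:])              # skip sprite id, frame count
        elif code in (DO_ACTION, DO_INIT_ACTION):
            for act, arg in actions(body[2:] if code == DO_INIT_ACTION else body):
                url = arg.split(b"\0")[0].decode("latin-1").strip().lower()
                if act == GET_URL2:
                    out.append("getURL2: URL built at run time")
                elif act == GET_URL and not url.startswith(ALLOWED):
                    out.append("getURL: " + url)
    return out

def make_sample(url):  # constructed test file: one DoAction with a getURL
    act = bytes([GET_URL]) + struct.pack("<H", len(url) + 2) + url + b"\0\0\0"
    tag = struct.pack("<H", DO_ACTION << 6 | len(act)) + act
    return b"FWS\x05" + bytes(9) + tag + b"\0\0"
```

Button and clip-event actions are not parsed here, so an upload filter should treat any finding or any parsing exception as grounds to reject the file rather than treating an empty result as proof of safety.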