{"vuid":"VU#255915","idnumber":"255915","name":"WebBoard does not adequately validate user input thereby permitting arbitrary JavaScript execution","keywords":["WebBoard","user input","javascript","escaped characters"],"overview":"WebBoard does not adequately validate user input, allowing attackers to execute arbitrary JavaScript code on other WebBoard users' systems.","clean_desc":"WebBoard is a web application which includes a real-time chat server, using JavaScript alerts to display messages received by other users. WebBoard does not adequately filter messages sent through the chat server, allowing attackers to execute arbitrary JavaScript code on other users' systems.","impact":"Attackers can execute arbitrary JavaScript code on other WebBoard client users' systems.","resolution":"Upgrade to WebBoard version 4.2, available at: ftp://ftp.chatspace.com/wb/support/software/webboard/webboard_4/windows_edition_msdesql/webboard42.zip","workarounds":"","sysaffected":"","thanks":"Thanks to Helmuth Antholzer for reporting this vulnerability.","author":"This document was written by Shawn Van Ittersum.","public":["h","t","t","p",":","/","/","w","w","w",".","s","e","c","u","r","i","t","y","f","o","c","u","s",".","c","o","m","/","b","i","d","/","2","8","1","4"],"cveids":["CVE-2001-0743"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-06-12T12:50:11Z","publicdate":"2001-06-02T00:00:00Z","datefirstpublished":"2002-09-27T15:59:22Z","dateupdated":"2003-09-23T02:34:30Z","revision":3,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"6","cam_impact":"4","cam_easeofexploitation":"15","cam_attackeraccessrequired":"20","cam_scorecurrent":"2.565","cam_scorecurrentwidelyknown":"3.24","cam_scorecurrentwidelyknownexploited":"5.94","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.565,"vulnote":null}