Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31867
HistoryMar 23, 2015 - 12:00 a.m.

TangoBB 1.5.0-A3 XSS Vulnerability

2015-03-2300:00:00
vulners.com
16
JSON

Exploit Title: TangoBB 1.5.0-A3 XSS Vulnerability

Google Dork: "Powered by TangoBB"

Date: 24-2-2015

Exploit Author: Dennis Veninga

Vendor Homepage: https://github.com/Codetana/TangoBB

Version: 1.5.0-A3

Tested on: Firefox 36 & Chrome 38 / W8.1-x64

CVE : NONE

Published: 24-2-2015
Vendor updated: 24-2-2015

TangoBB ->
Version: 1.5.0-A3
Date: 24-2-2015
Found By: Dennis Veninga
Exploit info: XSS Vulnerability
Dork: "Powered by TangoBB"

XSS:
http://{target}/TangoBB/new.php/node/1

Affects: created topic, so an user can infect other users with malware and or take over their systems.

JSON