Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags.
Software | From | Fixed in |
---|---|---|
yabb / yabb | 1_gold_-_sp_1.3 | 1_gold_-_sp_1.3.x |
yabb / yabb | 1.5.1 | 1.5.1.x |
simple_machines / simple_machines_smf | 1.0_b | 1.0_b.x |