Arbitrary Script Execution via XSS in BadBlue Personal Edition 1.7.3

Arbitrary Script Execution via XSS in BadBlue Personal Edition 1.7.3

CVE-2002-1683 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as other users by injecting script into the cleanSearchString() function.

Learn more about our User Device Pen Test.