Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote malicious users to inject arbitrary web script or HTML allows remote malicious users to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags, as demonstrated using (1) email, (2) img, and (3) url tags.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
webspell webspell 4.2.0c |