GD bbPress 2.5 Cross Site Scripting

GD bbPress versions 2.5 and below suffer from a cross site scripting vulnerability.

MD5 | 087c655ff43ee9dfeea459aa735151b0

An authenticated user of a bbPress forum, who can attach a file, can inject arbitrary javascript code via filename. The arbitrary code runs both on the topic page and in the admin panel, and it only affects the administrators, moderators and the attacker.

The variable $error[afilea] in /code/attachments/front.php (line 349) is not escaped.

Public disclosure:
Video PoC:

Sent with [ProtonMail]( Secure Email.

Related Posts