5th Jun 2002 [SBWID-5409]
COMMAND
XMB Forum Cross Site Scripting security hole
SYSTEMS AFFECTED
Probably all versions
PROBLEM
val2 [valdeux@aol.com] found a CSS vulnerability on XMB Forum:
When you go to any board,
EX: http://www.xmbforum.com/community/forumdisplay.php?fid=XX, the
board contains, for example, a "new topic" function.
So it contains this HTML code:
<a href="post.php?action=newthread&fid=XX">
But if we replace [XX] with [">], it closes the link, and anything could
be written after it, including malicious JavaScript code!
EXAMPLE (no risks):
http://www.xmbforum.com/community/forumdisplay.php?fid=21"><script>alert(document.cookie)</script>
===> shows cookie
A hacker could make his own http:/www.blahblah.com/sk/save_cookie.php,
and redirect the user in order to get the cookie ...
So anybody could get the cookie (and maybe password) of any brash user ...
SOLUTION
Nothing yet.
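
The link rendering described under PROBLEM, next to two corrected forms, as an added example: this is not XMB's code and not a vendor patch. The function names are hypothetical, and it assumes fid is always a positive integer forum id.

```php
<?php
// Added illustration; function names are hypothetical, not taken from XMB.

// Pattern described in the advisory: the raw fid query value is copied
// into a double-quoted href attribute without validation or encoding.
function render_link_vulnerable(string $fid): string
{
    return '<a href="post.php?action=newthread&fid=' . $fid . '">new topic</a>';
}

// Corrected form 1: allow-list validation. fid must parse as a positive
// integer; anything else is rejected instead of being echoed back.
function render_link_validated(string $fid): ?string
{
    $id = filter_var($fid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // caller should send an error page, not the input
    }
    $href = 'post.php?action=newthread&fid=' . $id;
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">new topic</a>';
}

// Corrected form 2: context-aware encoding for a value that may be free
// text. URL-encode it for the query string, then HTML-encode the whole
// href for the attribute, so a quote or bracket cannot end the attribute.
function render_link_encoded(string $value): string
{
    $href = 'post.php?action=newthread&fid=' . rawurlencode($value);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">new topic</a>';
}

// Constructed inputs: a normal id and the fid value from the EXAMPLE above.
$samples = ['21', '21"><script>alert(document.cookie)</script>'];

foreach ($samples as $fid) {
    echo "input:      $fid\n";
    echo "vulnerable: " . render_link_vulnerable($fid) . "\n";
    $ok = render_link_validated($fid);
    echo "validated:  " . ($ok ?? '[rejected: fid is not a positive integer]') . "\n";
    echo "encoded:    " . render_link_encoded($fid) . "\n\n";
}
```

For the second input the vulnerable form emits the script element outside the href, the validated form rejects the request, and the encoded form keeps the whole value inside the attribute as %22%3E%3Cscript%3E... text.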