High-Tech Bridge, HTB22427
Jun 07, 2010 - 12:00 a.m.

Cross-site Scripting (XSS) Vulnerability in Jamroom

www.htbridge.com

EPSS: 0.002 (Low), percentile 65.0%

High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Jamroom which could be exploited to perform cross-site scripting attacks.

  1. Cross-site scripting (XSS) vulnerability in Jamroom: CVE-2010-2463
    The vulnerability exists due to an input sanitization error in the "post_id" parameter in forum.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
    Exploitation example:
    http://host/forum.php?mode=modify&band_id=0&t=<T>&c=<C>&post_id=<POST_ID>%00%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
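
A detection check for the request pattern described above, added here as an example and not part of the High-Tech Bridge advisory or of Jamroom. It assumes a legitimate post_id is a plain decimal integer and that the web server writes combined-format access logs; the log lines, addresses and parameter values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption (not stated in the advisory): a valid post_id is 1-10 decimal digits.
VALID_POST_ID = re.compile(r"\A[0-9]{1,10}\Z")
# Request line as it appears in a combined-format access log.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def suspicious_post_ids(log_lines):
    """Return (line_number, decoded_value) for every forum.php request
    whose post_id parameter is not purely numeric after URL-decoding."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/forum.php"):
            continue
        # parse_qs percent-decodes, so %00, %27, %22, %3E and %3C become
        # NUL, quote and angle-bracket characters before validation.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("post_id", []):
            if not VALID_POST_ID.match(value):
                hits.append((number, value))
    return hits

# Constructed sample log: one normal request, one carrying the string from
# the advisory's example, and one request to an unrelated script.
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Jun/2010:10:00:00 +0000] '
    '"GET /forum.php?mode=modify&band_id=0&t=1&c=2&post_id=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [07/Jun/2010:10:00:05 +0000] '
    '"GET /forum.php?mode=modify&band_id=0&t=1&c=2&post_id=12%00%27%22%3E'
    '%3Cscript%3Ealert%28document.cookie%29%3C/script%3E HTTP/1.1" 200 5188',
    '203.0.113.9 - - [07/Jun/2010:10:00:09 +0000] '
    '"GET /index.php?post_id=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, value in suspicious_post_ids(SAMPLE_LOG):
        # repr() keeps the NUL byte and markup visible and inert in terminal output.
        print(f"line {number}: non-numeric post_id {value!r}")
```

The same allow-list (digits only) applied server-side before post_id is echoed into the page, together with HTML-encoding on output, addresses the sanitization error the advisory describes.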

CPE
Name     Operator  Version
jamroom  le        4.1.9
