class-1 Forum users.php Multiple Variable XSS

2005-07-14T12:10:42
ID OSVDB:17920
Type osvdb
Reporter OSVDB
Modified 2005-07-14T12:10:42

Description

Manual Testing Notes

http://[victim]/forum/users.php?mode=viewprofile&viewuser_id=89[XSS-code] http://[victim]/forum/users.php?mode=viewgroup&group=Moderators[XSS-code]

References:

Vendor URL: http://www.class1web.co.uk/download_forum.php Security Tracker: 1014486 Security Tracker: 1014485 Secunia Advisory ID:16078 Related OSVDB ID: 17923 Related OSVDB ID: 17921 Related OSVDB ID: 17922 Other Advisory URL: http://lostmon.blogspot.com/2005/07/class-1-forum-software-cross-site.html Bugtraq ID: 14261