Vulners
Lucene search
Ultra Light Forum Cross Site Scripting
`# Ultra Light Forum Persistant XSS Vulnerability
# By cr4wl3r http://bastardlabs.info
# http://bastardlabs.info/advisories/?id=86
# Script: http://sourceforge.net/projects/ultralightforum/files/
# Tested: Win 7
Description :
Ultra Light Forum developed in PHP and MySQL as a standalone forum with high speed, high user-friendliness.
User can create, delete topic, can reply to others topic.
The forum also comes with poll, where user can vote. To know more try UL Forum.
Proof of Concept :
Choose profile settings, and put the messages box with
<script>alert(document.cookie)</script>
And update your profile
So if any user can view you profile, the script will be execute
Demo:
http://bastardlabs.info/demo/ultraforum1.png
http://bastardlabs.info/demo/ultraforum2.png
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Feb 2013 00:00Current
0.1Low risk
Vulners AI Score0.1