XenForo 1.4.9 Cross Site Scripting

2015-07-27T00:00:00
ID PACKETSTORM:132845
Type packetstorm
Reporter WRZ
Modified 2015-07-27T00:00:00

Description

                                        
[+] Credits: snop.  
  
[+] Domains: rabbitz.org  
  
  
Vulnerability Type:  
===================  
XSS  
  
  
Vendor:  
===================  
www.xenforo.com  
  
  
Product:  
=====================================================================  
XenForo <= 1.4.9  
  
A compelling community experience. Intuitive. Social. Engaging. Fast.  
XenForo brings a fresh outlook to forum software.  
  
  
Advisory Information:  
====================================================  
  
Reflected Cross Site Scripting Vulnerability:  
  
  
Vulnerability Details:  
=====================  
  
No user account required.  
------------------------------------  
  
vulnerable URL:  
https://website/community/register/validate-field  
  
vulnerable POST parameter:  
'name='  
  
  
Severity Level:  
=========================================================  
High  
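A detection check for the request described above, as an added example that is not part of the original advisory: it flags POSTs to register/validate-field whose 'name' value is not a plain field identifier. The allow-list pattern, the 'value' parameter and the sample requests are constructed assumptions, not taken from XenForo.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint and parameter named in the advisory.
VULN_PATH_SUFFIX = "/register/validate-field"
VULN_PARAM = "name"

# Assumption: legitimate field names are short identifiers, optionally with
# bracketed sub-keys. Tighten or extend this for your own installation.
SAFE_NAME = re.compile(r"[A-Za-z0-9_]{1,64}(\[[A-Za-z0-9_]{0,64}\]){0,4}")


def suspicious_name_values(method, url, body):
    """Return the 'name' values of one request that fail the allow-list.

    Requests that are not POSTs to the advisory's endpoint return [].
    """
    if method.upper() != "POST":
        return []
    path = urlsplit(url).path.rstrip("/")
    if not path.endswith(VULN_PATH_SUFFIX):
        return []
    # parse_qs percent-decodes the form body once.
    form = parse_qs(body, keep_blank_values=True)
    return [v for v in form.get(VULN_PARAM, []) if not SAFE_NAME.fullmatch(v)]


def scan(requests):
    """Return (url, bad_values) for every request with a rejected 'name'."""
    hits = []
    for method, url, body in requests:
        bad = suspicious_name_values(method, url, body)
        if bad:
            hits.append((url, bad))
    return hits


# Constructed sample records: (method, URL, form-encoded body).
BASE = "https://website/community"
SAMPLE_REQUESTS = [
    ("POST", BASE + "/register/validate-field", "name=username&value=alice"),
    ("POST", BASE + "/register/validate-field", "name=%3Cb%3E&value=x"),
    ("POST", BASE + "/register/validate-field/", "name=fields%5Bcity%5D&value=Oslo"),
    ("POST", BASE + "/login/login", "name=%3Cb%3E"),  # other endpoint, ignored
]

if __name__ == "__main__":
    for url, bad in scan(SAMPLE_REQUESTS):
        print("suspicious 'name' on", url, "->", bad)
```

The same allow-list can be enforced as a request filter in front of the forum until the installation is upgraded past the affected versions.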