SA-CONTRIB-2009-040 - Advanced Forum - Multiple vulnerabilities

Cross-site scripting The Advanced Forum module does not correctly handle certain arguments obtained from the URL. By enticing a suitably privileged user to visit a specially crafted URL, a malicious user is able to insert arbitrary HTML and script code into forum pages. Such a cross-site scriptin...