L-Forum XSS and upload spoofing

L-Forum XSS and upload spoofing PROGRAM: L-Forum VENDOR: Leszek Krupinski [email protected] HOMEPAGE: http://l-forum.x-php.net/ VULNERABLE VERSIONS: 2.4.0, possibly others IMMUNE VERSIONS: none, but an official patch is available for some issues SEVERITY: high LOGIN REQUIRED: no DESCRIPTION: "L-Foru...