Advisory name : Woltlab Burning Board Lite formmail.php XSS
Discovered by : drhankey / it-security23.net
Vendor Name : Woltlab
Vendor Homepage : http://www.woltlab.de
Software : Woltlab Burning Board Lite
Vulnerability Type : Cross-Site-Scripting
Vulnerable Versions : 1.0.0, 1.0.1e, maybe more
Platforms : OS Independent, PHP
Woltlab Burning Board Lite is the free version of the Woltlab Burning Board,
a PHP based bulletin board
formmail.php outputs the "userid"-parameter unfiltered, so its possible to add arbitary Code to the output
by using a malformed link.
The Board also allows logging in with stolen cookies.