XMB is a php-based forum. This product contain a
Cross Site Scripting vulnerability that allows
attackers to insert JavaScript code (and other HTML
code) into existing messages, bypassing the internal
JavaScript/HTML code stripper.

   Exploit:
   [img]javasCript:alert('Hello world.')[/img]

   Vulnerable systems:
   All versions of XMB board, including last version -
   XMB 1.6x Magic Lantern

   Immune systems:
   None

   Possible solution:
   Searching the image URL for the text "javascript:"
should solve the problem

                                      SliderGod.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]