Bandersnatch Index.PHP Multiple Cross-Site Scripting Vulnerabilities

info
discussion
exploit
solution
references

Bandersnatch Index.PHP Multiple Cross-Site Scripting Vulnerabilities

Attackers can exploit these issues by enticing an unsuspecting user to follow a malicious URI.

The follow proof-of-concept URIs are available:

http://www.example.com/path/to/index.php?func=[injectionpoint]
http://www.example.com/path/to/index.php?date=[injectionpoint]
http://www.example.com/path/to/index.php?func=log&jid=[injectionpoint]
http://www.example.com/path/to/index.php?func=user&jid=[injectionpoint]