Woltlab Burning Board Multiple Input Validation Vulnerabilities

The attacker can exploit these issues through a browser. To exploit the cross-site scripting and URI-redirection vulnerabilities, the attacker must entice an unsuspecting user to follow a malicious URI.

The following example URIs are available:

http://www.example.com/[path]/wcf/acp/dereferrer.php?url=javascript:alert("Example");
http://www.example.com/[path]/wcf/acp/dereferrer.php?url=http://[host]
http://www.example.com/[path]/wbb/?page=ThreadAction&action=deleteAll&boardID=1&url=[local URL]
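
A log-side check for the two dereferrer.php patterns listed above, as an added example that is not part of the original advisory or of Woltlab's code: it scans request URIs and flags `url` values that use a non-HTTP scheme or point to another host. The trusted host set, the function names and the sample requests are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

TRUSTED_HOSTS = {"www.example.com"}  # assumption: the forum's own hostname(s)
SAFE_SCHEMES = {"http", "https"}

def classify_target(target):
    """Classify a dereferrer 'url' value as ok, unsafe-scheme, off-site or malformed."""
    # Browsers ignore whitespace/control characters and treat "\" like "/",
    # so normalise before parsing or the scheme check can be sidestepped.
    cleaned = "".join(ch for ch in target if ch > " ").replace("\\", "/")
    try:
        parts = urlsplit(cleaned)
        host = parts.hostname
    except ValueError:
        return "malformed"
    if parts.scheme and parts.scheme not in SAFE_SCHEMES:
        return "unsafe-scheme"      # e.g. javascript: executes in the site's origin
    if host and host not in TRUSTED_HOSTS:
        return "off-site"           # redirect leaves the trusted site
    return "ok"                     # relative path or trusted host

def scan_requests(request_uris):
    """Return (verdict, target) for every suspicious dereferrer.php request."""
    findings = []
    for uri in request_uris:
        req = urlsplit(uri)
        if not req.path.endswith("/dereferrer.php"):
            continue
        # parse_qs percent-decodes the value, as the PHP script would see it.
        for target in parse_qs(req.query).get("url", []):
            verdict = classify_target(target)
            if verdict != "ok":
                findings.append((verdict, target))
    return findings

# Constructed sample request URIs (not taken from real logs).
SAMPLE_REQUESTS = [
    "/forum/wcf/acp/dereferrer.php?url=javascript%3Aalert(%22Example%22)",
    "/forum/wcf/acp/dereferrer.php?url=http://other.example/landing",
    "/forum/wcf/acp/dereferrer.php?url=http://www.example.com/forum/wbb/index.php",
    "/forum/wbb/index.php?page=Board&boardID=1",
]

if __name__ == "__main__":
    for verdict, target in scan_requests(SAMPLE_REQUESTS):
        print(f"{verdict:14} {target}")
```

The same `classify_target` logic can gate the redirect on the server side: refuse anything that does not classify as `ok`.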


 

Copyright 2010, SecurityFocus