Gerd Tentler Simple Forum Multiple Input Validation Vulnerabilities

Gerd Tentler Simple Forum is prone to multiple input-validation vulnerabilities, including two cross-site scripting issues and a file-disclosure issue, because the application fails to properly sanitize user-supplied input.

Attackers can exploit these issues to steal cookie-based authentication credentials, to control how the site is rendered to the user, or to gain access to information that could aid in further attacks.

Simple Forum 3.2 is vulnerable; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus