TD Forum Cross-Agent Scripting Vulnerability

TD Forum is commercial web forum software for Unix platforms.

TD Forum v1.2 does not filter malicious HTML tags (such as <SCRIPT>) from user-supplied input. An attacker can submit script code in a forum message, and it will be executed by the browser of any user who views the message.

Cross-agent scripting attacks may occur as a result of this issue. The attack will appear to originate from the site hosting TD Forum.
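
An added example, not taken from TD Forum or from this advisory: a Python illustration of the unfiltered rendering described above beside an output-encoded version, with an audit helper that flags stored posts containing raw tags. The post fields, function names and sample post are assumptions constructed for illustration.

```python
import html
import re

# Constructed sample post; field names are assumptions, not TD Forum's schema.
SAMPLE_POST = {
    "author": "guest",
    "subject": "hello",
    "body": "Nice forum!\n<SCRIPT>alert(1)</SCRIPT>",
}

TEMPLATE = '<div class="post"><h3>%s</h3><p>by %s</p><div>%s</div></div>'


def render_unfiltered(post):
    """Behaviour the advisory describes: input is copied into the page as-is."""
    return TEMPLATE % (post["subject"], post["author"], post["body"])


def render_encoded(post):
    """Encode every user-supplied field at output time, then add trusted markup."""
    subject = html.escape(post["subject"], quote=True)
    author = html.escape(post["author"], quote=True)
    # Escape first, then convert newlines, so the only tags emitted are our own.
    body = html.escape(post["body"], quote=True).replace("\n", "<br>\n")
    return TEMPLATE % (subject, author, body)


# Matches an opening or closing HTML tag; "1 < 2" does not match.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")


def find_markup(posts):
    """Audit helper: indexes of stored posts whose fields contain raw HTML tags."""
    fields = ("author", "subject", "body")
    return [i for i, p in enumerate(posts)
            if any(TAG_RE.search(p[f]) for f in fields)]


if __name__ == "__main__":
    print(render_unfiltered(SAMPLE_POST))
    print(render_encoded(SAMPLE_POST))
    print(find_markup([SAMPLE_POST]))
```

Encoding at output time keeps the stored message intact while the browser displays the tag as text instead of interpreting it.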


Copyright 2010, SecurityFocus