XMB Forum Multiple Vulnerabilities

Multiple vulnerabilities have been reported in XMB Forum. The specific issues include an information-disclosure issue and multiple cross-site scripting and SQL-injection issues.

Attackers can exploit these issues to steal cookie-based authentication credentials, modify SQL query logic and structure, and obtain sensitive information about the underlying environment. Cumulatively, these issues could allow remote attackers to hijack accounts, compromise the forum, mount attacks on the database, and launch further attacks against system resources.

Note that these issues appear to have been introduced across different versions of the software.


 

Privacy Statement
Copyright 2010, SecurityFocus