9 lines
No EOL
535 B
Text
9 lines
No EOL
535 B
Text
source: http://www.securityfocus.com/bid/4619/info
|
|
|
|
MiniBB is web forum software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems.
|
|
|
|
MiniBB does not filter script code from URL parameters, making it prone to cross-site scripting attacks.
|
|
|
|
This may enable a remote attacker to steal cookie-based authentication credentials from legitimate users of a website running MiniBB.
|
|
|
|
http://target/forums/index.php?action=search&searchFor="><script>alert("test")</script > |