TUCoPS :: Web BBS :: etc :: b06-1585.htm

RevoBoard tag XSS

Revoboard (php) is based on an earlier version of PunBB.
I know for sure that this affects v1.8.

The email tag parser obsfucates emails to stop harvesters. To execute code, do this: 
$code = '\'" onMouseover="javascript:alert(/xss/)">';

