AOH :: Web BBS :: etc :: B06-3061.HTM

AOH :: Web BBS :: etc :: B06-3061.HTM
aXentForum II XSS vuLLn

aXentForum II XSS vuLLn aXentForum II XSS vuLLn


vendor:http://www.axent.us/axentforum.cfm=0D 
affected versions:aXentForum II and prior=0D
=0D
aXentForum II contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "startrow" parameter in "viewposts.cfm" isn't properly sanitised before being returned to the user.=0D
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.=0D
=0D
Turkish hacker

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.