|
vendor:http://www.axent.us/axentforum.cfm=0D
affected versions:aXentForum II and prior=0D
=0D
aXentForum II contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "startrow" parameter in "viewposts.cfm" isn't properly sanitised before being returned to the user.=0D
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.=0D
=0D
Turkish hacker