XMB cross-scripting vulnerability


 



   XMB is a PHP-based forum. This product contains a
Cross Site Scripting vulnerability that allows
attackers to insert JavaScript code (and other HTML
code) into existing messages, bypassing the internal
JavaScript/HTML code stripper.

   Exploit:
   [img]javasCript:alert('Hello world.')[/img]

   Vulnerable systems:
   All versions of XMB board, including the latest version,
   XMB 1.6x Magic Lantern

   Immune systems:
   None

   Possible solution:
   Searching the image URL for the text "javascript:"
should solve the problem.

                                      SliderGod.  
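
The payload above is written in mixed case ("javasCript:"), so a literal, case-sensitive search for "javascript:" does not match it. The following is an added example, not XMB code and not from the advisory's author, that contrasts that literal search with a scheme allowlist for [img] URLs; all function names are hypothetical and the benign URL is constructed.

```php
<?php
// Added example, not XMB code; every function name here is hypothetical.

// The literal check: a case-sensitive search for "javascript:".
function img_url_blocked_naive(string $url): bool
{
    return strpos($url, 'javascript:') !== false;
}

// Allowlist instead of blocklist: only absolute http/https URLs pass.
function img_url_allowed(string $url): bool
{
    $url = trim($url);
    // Refuse whitespace, control characters, quotes and angle brackets.
    if ($url === '' || preg_match('/[\x00-\x20\x7f"\'<>]/', $url)) {
        return false;
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($scheme) || !is_string($host)) {
        return false;
    }
    return in_array(strtolower($scheme), ['http', 'https'], true);
}

// Render [img] tags; refused URLs stay in the post as escaped plain text.
function render_img_tags(string $post): string
{
    $escaped = htmlspecialchars($post, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback('#\[img\](.*?)\[/img\]#is', function (array $m): string {
        $url = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
        if (!img_url_allowed($url)) {
            return $m[0]; // already escaped, shown as text
        }
        return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
    }, $escaped);
}

$samples = [
    "[img]javasCript:alert('Hello world.')[/img]",  // payload quoted in the advisory
    "[img]http://forum.example/avatar.png[/img]",   // constructed benign URL
];
foreach ($samples as $s) {
    $url = substr($s, 5, -6);  // text between [img] and [/img]
    echo 'naive check blocks: ', var_export(img_url_blocked_naive($url), true), "\n";
    echo 'rendered: ', render_img_tags($s), "\n";
}
```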

