[SePro Bugtraq] WBB - WoltLab Burning Board <= 2.3.1 - XSS Vulnerability (22.04.05) Vendor: WoltLab URL: http://www.woltlab.de/ Version: <= 2.3.1 Type: XSS Discovered by deluxe89 Description: -------------------------------- The WoltLab Burning Board is a high customisable forum software for every kind of use. See [1] for a detailed description. Cross Site Scripting: -------------------------------- It's possible to inject HTML or JavaScript code into the variable "hilight" of thread.php. /thread.php?threadid=[TOPIC_ID]&hilight=[XSS] TOPIC_ID must be the ID of a topic, that exists. Solution: -------------------------------- There isn't a solution yet. Security-Project -------------------------------- http://www.security-project.org Vendor contacted. Greetz to Astovidatu, DooMRunneR, Wacholdernutte and Doc [1] http://www.woltlab.de/products/burning_board/index_en.php
