icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

PScript PForum < 1.26 User Profile XSS

Medium

Synopsis

The remote host is running a vulnerable version of PForum, a web forum software implemented in PHP.

Description

The remote host is running a vulnerable version of PForum, a web forum software implemented in PHP. It is reported that versions prior 1.26 are vulnerable to cross-site scripting (XSS). An attacker may include malicious HTML in the 'AIM ID' and 'IRC Server' fields of his profile. This malicious code may be rendered by a victim's browser displaying the attacker profile. It may permit the attacker to steal cookie-based authentication credentials or to exploit latent security flaws in web browsers.

Solution

Upgrade to PScript PForum 1.26 or higher.