XMB Forum Multiple Remote Cross-Site Scripting Vulnerabilities

Bugtraq ID:	12886
Class:	Input Validation Error
CVE:	CVE-2005-0885
Remote:	Yes
Local:	No
Published:	Mar 23 2005 12:00AM
Updated:	Sep 11 2008 06:50PM
Credit:	"benji lemien" <[email protected]> is credited with the discovery of this issue.
Vulnerable:	XMB Forum 1.9.1
Not Vulnerable:	XMB Forum 1.9.8

XMB Forum Multiple Remote Cross-Site Scripting Vulnerabilities

XMB Forum is prome to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input before including it in dynamically generated web content.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

XMB Forum Multiple Remote Cross-Site Scripting Vulnerabilities

No exploit is required.

XMB Forum Multiple Remote Cross-Site Scripting Vulnerabilities

Solution:
A vendor update is available. Contact the vendor for more information.

XMB Forum Multiple Remote Cross-Site Scripting Vulnerabilities

References:

• Summary of Official Vendor Statements (XMB)
  
• XMB Forum Home Page (The XMB Group)