Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[Full-disclosure] WebEOC Vuln - more info

[ECHO_ADV_27$2006] AngelineCMS 0.8.1 Installpath Remote File Inclusion

ArabPortal 2.0.1 Stable [ 9 CrossSiteScripting & 1 SQL Injection ] MultBugz

[ GLSA 200604-02 ] Horde Application Framework: Remote code execution

From:	r0t <krustevs_(at)_googlemail.com>
Date:	05.04.2006
Subject:	SKForum XSS vuln.

SKForum XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 5 april 2006
vendor:http://soft.killingar.net/documents/SKForum
affected versions:1.5 and prior
orginal advisory:http://pridels.blogspot.com/2006/04/skforum-xss-vuln.html
###############################################

Vuln. Description:

SKForum contains a flaw that allows a remote cross site scripting
attack. This flaw exists because input passed to "areaID" "time"
"userID" paremeters  isn't properly sanitised before being returned to
the user.
This could allow a user to create a specially crafted URL that would
execute arbitrary code in a user's browser within the trust
relationship between the browser and the server, leading to a loss of
integrity.

examples:

/area.View.action?areaID=[XSS]
/planning.View.action?time=[XSS]
/user.View.action?userID=[XSS]

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/