InstantForum.NET Members1/Logon.aspx XSS - Exabytes Security Portal

Categories

Applications (222)
Blogs (7)
Content Management (148)
Customer Relationship (2)
Discussion Boards (29)
E-Commerce (14)
General Purpose Directories (2)
Image Galleries (18)
Mailing Lists (1)
Tips (3)
Vulnerabilities (337)
Access Bypass (50)
Cross Site Scripting (123)
Denial Of Service (2)
File Inclusion (51)
Information Disclosure (15)
Privilege Escalation (2)
Remote Command Execution (16)
Session Hijacking (2)
SQL Injection (130)

InstantForum.NET Members1/Logon.aspx XSS

Published by CS Lee January 18th, 2007 in Cross Site Scripting and Discussion Boards.

Application: InstantForum.NET
Version: 4.1.0 or below
Vendor’s URL: http://www.instantasp.co.uk/Products/InstantForum/Default.aspx
Bug type: Cross Site Scripting
Risk: Low

Solution:
- Currently waiting for the bugs fix from respected vendor.