Cross-site scripting (XSS) vulnerability in DCForum 6.25 and previous versions, and possibly DCForum+ 1.x, allows remote malicious users to inject arbitrary web script or HTML via (1) the page parameter in dcboard.php and (2) unspecified search parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dcscripts dcforum+ 1.002 |
||
dcscripts dcforum 6.21 |
||
dcscripts dcforum+ 1.1 |
||
dcscripts dcforum 2k 1.1 |
||
dcscripts dcforum 6.2 |
||
dcscripts dcforum+ 1.0 |
||
dcscripts dcforum+ 1.003 |
||
dcscripts dcforum 5.11 |
||
dcscripts dcforum 6.0 |
||
dcscripts dcforum+ 1.2 |
||
dcscripts dcforum 6.23 |
||
dcscripts dcforum 2000 1.1 |
||
dcscripts dcforum 6.25 |
||
dcscripts dcforum 6.1 |
||
dcscripts dcforum 6.22 |
||
dcscripts dcforum+ 1.001 |