26th Sep 2002 [SBWID-5409]
COMMAND

	XMB Forum Cross Site Scripting security hole

SYSTEMS AFFECTED

	Probably all versions

PROBLEM

	val2 [valdeux@aol.com] found a cross-site scripting (CSS) vulnerability
	in XMB Forum:
	
	When you go to any board, e.g.
	
	  http://www.xmbforum.com/community/forumdisplay.php?fid=XX
	
	the board contains, for example, a "new topic" function, so the page
	contains this HTML code:
	
	
	  <a href="post.php?action=newthread&fid=XX">
	
	
	But if we replace [XX] with [">], it closes the link, and anything can
	be written after it, including malicious JavaScript code!
	
	EXAMPLE (no risks) :
	
	
	 http://www.xmbforum.com/community/forumdisplay.php?fid=21"><script>alert(document.cookie)</script>
	
	
	 ===> shows the cookie
	
	A hacker could make his own http://www.blahblah.com/sk/save_cookie.php,
	and redirect the user to it in order to get the cookie ...
	
	
	So, anybody could get the cookie (and maybe the password) of any brash
	user ...

SOLUTION

	Nothing yet.
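
	The link from the PROBLEM section, built once the way the advisory
	describes and once with the fid value validated and escaped. This is
	an added example, not XMB code and not a vendor fix; the function
	names are hypothetical, and only the link shape and the sample fid
	values come from the advisory.

```php
<?php
// Added example, not XMB source. Function names are hypothetical; only the
// post.php?action=newthread&fid=XX link shape comes from the advisory.

// Pattern the advisory describes: the raw fid value is copied into the href.
function new_topic_link_unsafe(string $fid): string
{
    return '<a href="post.php?action=newthread&fid=' . $fid . '">new topic</a>';
}

// Hardened form: fid must be a positive integer, and the URL is still
// HTML-escaped for the attribute context as a second layer.
function new_topic_link_safe(string $fid): ?string
{
    $id = filter_var($fid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // caller should answer with an error page, not echo the input
    }
    $url = 'post.php?' . http_build_query(['action' => 'newthread', 'fid' => $id]);
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">new topic</a>';
}

// Inputs: a normal board id and the value from the advisory's EXAMPLE.
$samples = ['21', '21"><script>alert(document.cookie)</script>'];
foreach ($samples as $fid) {
    echo "fid = $fid\n";
    echo "  unsafe: ", new_topic_link_unsafe($fid), "\n";
    $safe = new_topic_link_safe($fid);
    echo "  safe:   ", $safe ?? '(rejected: fid is not a positive integer)', "\n";
}
```

	Run from the command line, the unsafe form reproduces the broken-out
	markup for the second input, while the hardened form rejects it and
	emits the link only for the numeric id.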