XSS vulnerability in WWWThreads (php version)

Summary

Vulnerability: XSS vulnerability in WWWThreads (php version)
Discovered: 2010.11.26
Last Update: n/a n/a
ID: EV0155
CVE: n/a
Risk Level: low
Type: Cross Site Scripting
Status: Unpatched. Vendor notified. No reply from developer(s).
Vendor: WWWThreads (http://www.wwwthreads.com/)
Vulnerable Software: WWWThreads (php version)
Version: 2006.11.25
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

Cross Site Scripting found in WWWThreads (php version) script.

Non-persistent XSS: It is possible to inject xss code into act parameter in play.php script.

Parameter act is used without proper sanitation.

PoC/Exploit

Non-persistent XSS Example.

XSS example: http://website/forum/play.php?act=<XSS>

Solution.

Solution for "XSS vulnerability in WWWThreads (php version)" is not available. Check WWWThreads website for updates.