XSS vulnerability in WWWThreads (php version)

Summary

Vulnerability: XSS vulnerability in WWWThreads (php version)
Discovered: 2010.11.26
Last Update: n/a n/a
ID: EV0155
CVE: n/a
Risk Level: low
Type: Cross Site Scripting
Status: Unpatched. Vendor notified. No reply from developer(s).
Vendor: WWWThreads (http://www.wwwthreads.com/)
Vulnerable Software: WWWThreads (php version)
Version: 2006.11.25
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

A cross-site scripting vulnerability was found in the WWWThreads (php version) script.

Non-persistent XSS
It is possible to inject XSS code into the act parameter of the play.php script.

The act parameter is used without proper sanitization.

PoC/Exploit

Non-persistent XSS Example.

XSS example: http://website/forum/play.php?act=<XSS>

Solution

A solution for "XSS vulnerability in WWWThreads (php version)" is not available. Check the WWWThreads website for updates.
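
One way to handle the act parameter defensively, as an added example that is not WWWThreads code and not part of the original advisory: validate the value against an allow-list pattern on input and HTML-encode it wherever it is printed. The function names clean_act and h, the allowed pattern and the sample values are assumptions, since the play.php source is not shown here.

```php
<?php
// Added example: hypothetical guard for the "act" query parameter of play.php.
// The allowed pattern is an assumption; adjust it to the values the forum uses.
declare(strict_types=1);

/** Return $raw if it is a short identifier-like token, otherwise $default. */
function clean_act($raw, string $default = ''): string
{
    // A request such as act[]=x arrives as an array; reject anything but a string.
    if (!is_string($raw)) {
        return $default;
    }
    // Assumed format: letters, digits, underscore, hyphen; at most 32 characters.
    return preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $raw) === 1 ? $raw : $default;
}

/** Encode a value for output in HTML text or inside a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// In the script itself the two layers would be applied like this:
//   $act = clean_act($_GET['act'] ?? null);   // validate on input
//   echo '<p>' . h($act) . '</p>';            // encode on output

// Constructed sample inputs, shown when the file is run from the command line.
if (PHP_SAPI === 'cli') {
    $samples = ['show', 'new_post', '<XSS>', 'a"b\'c', ['nested']];
    foreach ($samples as $raw) {
        printf(
            "%-12s validated=%-10s encoded=%s\n",
            json_encode($raw),
            var_export(clean_act($raw), true),
            h(is_string($raw) ? $raw : '')
        );
    }
}
```

Validation alone is enough only if every accepted value is harmless in every output context; keeping the encoding step at each echo covers the case where the allowed pattern is later widened.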