[原文]Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) forum_id, (2) method, or (3) forum_title parameters to post.asp, (4) the forum_title parameter to forum.asp, or (5) the id parameter to post.asp.
AliveSites Forum forum.asp forum_title Parameter XSS
Remote / Network Access
Loss of Integrity
AliveSites Forum 2.0 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the forum_title parameter upon submission to the forum.asp script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
OSVDB is not aware of a solution for this vulnerability.