Discovery is credited to tom cruise <email@example.com>.
forumKIT forumKIT 1.0
forumKIT is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
The problem presents itself when malicious HTML and script code is sent to the application through the 'members' parameter.
This vulnerability has been reported to exist in forumKIT 1.0.
An exploit is not required.
An example URI sufficient to exploit this vulnerability was provided: http://www.example.com/f.aspx?members=">&lt;script&gt;alert(document.cookie);&lt;/script&gt;
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.