[原文]Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. NOTE: this issue has been disputed in a followup post, although the original disclosure might be related to reflected XSS.
Woltlab Burning Board was reported to contain a flaw that allows a remote cross site scripting attack. This flaw supposedly exists because the application does not validate the 'percent' variable upon submission to the misc.php script. Further discussion revealed that this flaw requires a valid administrator login in order to access the misc.php script, and a valid administrator session id in order to craft a URL for an administrator to click.
The vulnerability reported is incorrect. No solution required.