VULHUB ™

Woltlab Burning Board (wBB) 2.3.6和Burning Board Lite 1.0.2pl3e的register.php中存在多个跨站脚本攻击漏洞。远程攻击者可以借助(1)r_username,(2)r_email,(3)r_password,(4)r_confirmpassword,(5)r_homepage,(6)r_icq,(7)r_aim,(8)r_yim,(9)r_msn,(10)r_year,(11)r_month, (12)r_day,(13)r_gender,(14)r_signature,(15)r_usertext,(16)r_invisible,(17)r_usecookies,(18)r_admincanemail,(19) r_emailnotify,(20)r_notificationperpm,(21)r_receivepm,(22)r_emailonpm,(23)r_pmpopup,(24)r_showsignatures,(25)r_showavatars,(26) r_showimages,(27)r_daysprune,(28)r_umaxposts,(29)r_dateformat,(30)r_timeformat,(31)r_startweek,(32)r_timezoneoffset,(33) r_usewysiwyg,(34)r_styleid,(35)r_langid,(36)key_string,(37)key_number,(38)disablesmilies,(39)disablebbcode,(40)disableimages,(41)field[1],(42)field[2]和(43)field[3]参数，注入任意的web脚本或HTML。

Woltlab Burning Board (wBB) 2.3.6和Burning Board Lite 1.0.2pl3e的register.php中存在多个跨站脚本攻击漏洞。远程攻击者可以借助(1)r_username,(2)r_email,(3)r_password,(4)r_confirmpassword,(5)r_homepage,(6)r_icq,(7)r_aim,(8)r_yim,(9)r_msn,(10)r_year,(11)r_month, (12)r_day,(13)r_gender,(14)r_signature,(15)r_usertext,(16)r_invisible,(17)r_usecookies,(18)r_admincanemail,(19) r_emailnotify,(20)r_notificationperpm,(21)r_receivepm,(22)r_emailonpm,(23)r_pmpopup,(24)r_showsignatures,(25)r_showavatars,(26) r_showimages,(27)r_daysprune,(28)r_umaxposts,(29)r_dateformat,(30)r_timeformat,(31)r_startweek,(32)r_timezoneoffset,(33) r_usewysiwyg,(34)r_styleid,(35)r_langid,(36)key_string,(37)key_number,(38)disablesmilies,(39)disablebbcode,(40)disableimages,(41)field[1],(42)field[2]和(43)field[3]参数，注入任意的web脚本或HTML。