Description
Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 allows remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.php3.
Affected products
- adalis / d-forum1.11 – 1.11
References
- VENDOR_ADVISORYhttp://secunia.com/advisories/14464
- MISChttp://securitytracker.com/id?1013349