CVE-2009-3147

Description

Cross-site scripting (XSS) vulnerability in showproduct.php in ReviewPost Pro vB3 allows remote attackers to inject arbitrary web script or HTML via the date parameter.

Affected products

• allenthusiast / reviewpost_php_prob3 – b3

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/36029
• MISChttp://www.osvdb.org/56615
• EXPLOIThttp://packetstormsecurity.org/0907-exploits/reviewpost-xss.txt