High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Jamroom which could be exploited to perform cross-site scripting attacks.
- Cross-site scripting (XSS) vulnerability in Jamroom: CVE-2010-2463
The vulnerability exists due to an input sanitization error in the "post_id" parameter in forum.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Exploitation example:
http://host/forum.php?mode=modify&band_id=0&t=<T>&c=<C>&post_id=<POST_ID>%00%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
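A log-review check for the request pattern above, added here as an example and not part of the original advisory or of Jamroom's code. It assumes access logs in the common/combined format and that legitimate post_id values are plain decimal integers; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jul/2010:10:00:00 +0000] "GET /forum.php?mode=modify'
    '&band_id=0&t=1&c=2&post_id=17 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jul/2010:10:00:07 +0000] "GET /forum.php?mode=modify'
    '&band_id=0&t=1&c=2&post_id=17%00%27%22%3E%3Cscript%3Ealert%28document.cookie'
    '%29%3C/script%3E HTTP/1.1" 200 5342',
    '203.0.113.5 - - [01/Jul/2010:10:00:09 +0000] "GET /index.php?post_id=%3Cb%3E'
    ' HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
# Assumption: a legitimate post_id is a short decimal integer and nothing else.
POST_ID_OK = re.compile(r'[0-9]{1,10}')


def suspicious_post_id(line):
    """Return decoded post_id values of a forum.php request that are not integers."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/forum.php"):
        return []
    # parse_qs percent-decodes once, so %00, %27, %22 and %3C become raw characters.
    values = parse_qs(url.query).get("post_id", [])
    # fullmatch rejects anything after the digits, including a NUL byte or newline.
    return [v for v in values if not POST_ID_OK.fullmatch(v)]


def scan(lines):
    """Return (line number, client address, offending values) for each flagged line."""
    hits = []
    for number, line in enumerate(lines, 1):
        bad = suspicious_post_id(line)
        if bad:
            hits.append((number, line.split()[0], bad))
    return hits


if __name__ == "__main__":
    for number, client, values in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent post_id={values!r}")
```

The same allowlist belongs in the application itself: reject or integer-cast post_id on input and HTML-encode it wherever it is echoed back. Parameters sent in a POST body do not appear in access logs and need the check at the application or WAF layer.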