[KAPDA]MyBB 1.1.4~function_post.php~XSS Attack In URL tag

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [KAPDA]MyBB 1.1.4~function_post.php~XSS Attack In URL tag
From: addmimistrator@xxxxxxxxx
Date: 28 Jun 2006 06:52:04 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

ORIGINAL ADVISORY:
http://kapda.ir/page-advisory.html
http://myimei.com/security/2006-06-22/mybb-114-function_postphpxss-attack-in-url-tag.html

???????Summary?????-
Software: MyBB
Sowtware?s Web Site: http://www.mybboard.com
Versions: 1.1.3
Class: Remote
Status: Patched
Exploit: Available
Discovered by: imei addmimistrator
Risk Level:low-medium
??????Description?????
Mybb has a security bug that allows hackers run unwanted scripts into client?s 
browser that well known as XSS cross site scripting attack.
READ ORIGINAL ADVISORY FOR MORE DETAIL

Prev by Date: smartsite cms v1.0 Remote File include
Next by Date: vCard PRO SQL Injection
Previous by thread: smartsite cms v1.0 Remote File include
Next by thread: vCard PRO SQL Injection
Index(es):
- Date
- Thread