CVE-2008-3709 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the (1) lOptionsOptions (2) lNavAdminOptions or (3) lNavReturn parameter to options.php; or the (4) lNavReturn parameter to subscribe.php.

Reference

http://packetstormsecurity.org/0808-exploits/cyboards-rfilfixss.txt http://www.attrition.org/pipermail/vim/2008-August/002052.html http://www.securityfocus.com/bid/30688 https://exchange.xforce.ibmcloud.com/vulnerabilities/44476