CVE-2009-3204 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Stiva Forum 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) demo.php and (2) forum.php and the PATH_INFO to (3) include_forum.php.

Reference

http://osvdb.org/57177 http://osvdb.org/57178 http://packetstormsecurity.org/0908-exploits/stivaforum-xss.txt http://secunia.com/advisories/36409 https://exchange.xforce.ibmcloud.com/vulnerabilities/52613