CVE-2010-4874 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in users.php in NinkoBB 1.3 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name (2) last_name (3) msn or (4) aim parameter.

Reference

http://packetstormsecurity.org/1010-exploits/ninkobb-xss.txt http://secunia.com/advisories/41933 http://securityreason.com/securityalert/8430 http://www.exploit-db.com/exploits/15330 http://www.htbridge.ch/advisory/xss_in_ninkobb.html http://www.osvdb.org/68897 http://www.securityfocus.com/archive/1/514527/100/0/threaded http://www.securityfocus.com/bid/44462 https://exchange.xforce.ibmcloud.com/vulnerabilities/62815