CVE-2011-0526 Information

Description

Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action.

Reference

http://openwall.com/lists/oss-security/2011/01/27/2 http://openwall.com/lists/oss-security/2011/01/27/5 http://secunia.com/advisories/43074 http://www.osvdb.org/70677 http://www.vanillaforums.org/discussion/14397/vanilla-2.0.17-released http://yehg.net/lab/pr0js/advisories/5Bvanilla_forums-2.0.165D_cross_site_scripting