XMB Forum 1.6 Magic Lantern is a web-based discussion forum. XMB Forum Magic Lantern does not filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a malicious link to the 'forumdisplay.php' script. Such a malicious link might be included in an HTML e-mail or on a malicious webpage. This may enable a remote attacker to steal cookie-based authentication credentials from legitimate users of a host running XMB Forum.
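A defender-side check for the request pattern described above, as an added example that is not part of the original advisory: it scans web-server access-log lines for requests to 'forumdisplay.php' whose query parameters decode to HTML or script markup. The log lines, the parameter name `param` and the regex heuristics are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Heuristic markers for markup in a parameter value (assumed, not exhaustive).
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z!]|javascript\s*:|\bon[a-z]+\s*=", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET = "forumdisplay.php"  # script named in the advisory

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(name, decoded_value)] for markup-bearing parameters sent to TARGET."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/" + TARGET):
        return []
    hits = []
    # parse_qsl performs the first round of percent-decoding itself.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        decoded = fully_decode(value)
        if SUSPICIOUS.search(decoded) or SUSPICIOUS.search(fully_decode(name)):
            hits.append((name, decoded))
    return hits

# Constructed sample access-log lines (combined-log style, documentation IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /forum/forumdisplay.php?param=12 HTTP/1.0" 200 5120',
    '192.0.2.44 - - [01/Jan/2000:10:00:05 +0000] "GET /forum/forumdisplay.php?param=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.0" 200 5301',
    '192.0.2.44 - - [01/Jan/2000:10:00:09 +0000] "GET /forum/forumdisplay.php?param=%253Cimg%2520src%253Dx%253E HTTP/1.0" 200 5290',
    '192.0.2.71 - - [01/Jan/2000:10:00:12 +0000] "GET /forum/index.php?q=%3Cb%3E HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for name, value in suspicious_params(line):
            print(f"{line.split()[0]} {TARGET} {name}={value!r}")
```

A hit in the log shows only that such a link was requested; whether the script reflected the value unescaped still has to be confirmed against the application's output.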