https://www.exploit-db.com/exploits/23011
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200308-049

Zorum3.4和3.5版本的index.php存在跨站脚本（XSS)漏洞。远程攻击者借助method参数注入任意web脚本或者HTML。

source: http://www.securityfocus.com/bid/8388/info

A cross-site scripting vulnerability has been reported in the index.php script of PHPOutSourcing Zorum. Because of this, an attacker may be able to execute HTML and script code in the browsers of target users in the security context of the site hosting the vulnerable script.

http://www.example.com/pathofzorum/index.php?method=<script>alert('test')
</script>

来源:XF
名称:zorum-index-xss(12867)
链接:http://xforce.iss.net/xforce/xfdb/12867
来源:BID
名称:8388
链接:http://www.securityfocus.com/bid/8388
来源:SECTRACK
名称:1013365
链接:http://securitytracker.com/id?1013365
来源:SECUNIA
名称:9497
链接:http://secunia.com/advisories/9497
来源:BUGTRAQ
名称:20030811ZH2003-22SA(securityadvisory):ZorumXSSVulnerabilityandPathDisclosure
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=106063199925536&w;=2