Unclassified NewsBoard Cross-Site Scripting Vulnerability


Vulnerability ID: 1109054
Vulnerability type: Cross-site scripting
Published: 2005-09-06
Updated: 2005-10-20
CVE ID: CVE-2005-2855
CNNVD-ID: CNNVD-200509-076
Platform: PHP
CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/26224
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200509-076
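|Vulnerability details
Unclassified NewsBoard is a web-based forum application written in PHP. A cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the description field.
|Exploit (EXP)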
source: http://www.securityfocus.com/bid/14748/info

Unclassified NewsBoard is prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

Post a new message and paste the following into the description field:
</div><script>alert(document.cookie)</script>
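
The missing output encoding described above, shown beside the corrected form. This is an added example, not Unclassified NewsBoard source code: the function names and the `<div class="description">` wrapper are assumptions chosen to match the `</div>` breakout in the description value quoted above.

```php
<?php
// Added example: hypothetical template code, not Unclassified NewsBoard source.

// Vulnerable pattern: user input is concatenated into markup unchanged.
function render_description_raw(string $description): string
{
    return '<div class="description">' . $description . '</div>';
}

// Hardened pattern: encode for the HTML body context at output time.
function render_description_escaped(string $description): string
{
    $safe = htmlspecialchars($description, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="description">' . $safe . '</div>';
}

// Count the <script> elements an HTML parser builds from a fragment.
function count_script_elements(string $html): int
{
    $doc = new DOMDocument();
    // Collect parser warnings (e.g. the stray </div>) instead of printing them.
    libxml_use_internal_errors(true);
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    return $doc->getElementsByTagName('script')->length;
}

// The description value quoted in the advisory above.
$payload = '</div><script>alert(document.cookie)</script>';

$renderers = [
    'raw'     => 'render_description_raw',
    'escaped' => 'render_description_escaped',
];

foreach ($renderers as $label => $render) {
    $html = $render($payload);
    printf("%-8s script elements: %d\n", $label, count_script_elements($html));
    printf("         %s\n", $html);
}
```

The same element count can serve as a regression check on any page that renders the description field. Marking the session cookie `HttpOnly` limits the cookie theft the advisory mentions but does not remove the injection itself.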
|References

Source: BID
Name: 14748
Link: http://www.securityfocus.com/bid/14748
Source: VUPEN
Name: ADV-2005-1665
Link: http://www.frsirt.com/english/advisories/2005/1665
Source: SECUNIA
Name: 16726
Link: http://secunia.com/advisories/16726
Source: MISC
Link: http://packetstormsecurity.org/0509-exploits/unb153.html
Source: XF
Name: unclassified-newsboard-xss(22172)
Link: http://xforce.iss.net/xforce/xfdb/22172
Source: OSVDB
Name: 19239
Link: http://www.osvdb.org/19239
Source: BUGTRAQ
Name: 20050905UNB1.5.3crosssitescripting
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=112605049014473&w=2
