PostBoard 2.0 - Topic Title Script Execution

Author: gcsb
type: webapps
platform: php
port: 
date_added: 2002-04-19 
date_updated: 2012-09-20 
verified: 1 
codes: CVE-2002-0535;OSVDB-9248 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/4561/info

PostBoard is a freely available, open source message board module for the PostNuke content management system. It is designed for use on the Unix and Linux operating systems.

PostBoard does not adequately sanitize input by board users. Because of this, it is possible for users of the board to insert script code in message titles.

The following code is proof of concept:

<script>alert('give me cookies');</script>