The mentioned issue, i.e. passing script via the form, will only affect the USER
who is doing it.
You probably mean the person who is the target of such an attack, right?!
It has no effect on the AZbb, the server or the forum.
That is what XSS is about, it affects the client.
The mentioned issue, i.e. passing script via the form, will only affect the USER
who is doing it.
JavaScripts are client side scripts.
It has no effect on the AZbb, the server or the forum.
PoC:
1)
This flaw exists because the application does not validate the nickname
variable upon submission to the post.php script via the POST method.
h**p://www.[target]/post.php?nickname=scriptalert('XSS')/script!--
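
Added example, not part of the original thread and not AZbb code: a forum page that prints a stored nickname without encoding sends it to every reader of the thread, so the fix is validation on submission plus HTML encoding on output. The function names, the allowed character set and the 32-character limit are assumptions; the sample inputs are constructed.

```php
<?php
// Added example, not AZbb code. Names, character set and length limit are assumptions.

/** Input validation: letters, digits, space, underscore, dot, hyphen; 1 to 32 characters. */
function validate_nickname(string $raw): ?string
{
    $nick = trim($raw);
    // With /u, preg_match() also fails on invalid UTF-8, so such input is rejected.
    if (preg_match('/\A[\p{L}\p{N} _.\-]{1,32}\z/u', $nick) !== 1) {
        return null;
    }
    return $nick;
}

/** Output encoding: applied every time a stored value is written into HTML. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable pattern: the stored nickname reaches every reader's browser as markup. */
function render_post_unsafe(string $nickname, string $body): string
{
    return '<div class="post"><b>' . $nickname . '</b>: ' . h($body) . '</div>';
}

/** Hardened pattern: the nickname is encoded, so the browser shows it as text. */
function render_post_safe(string $nickname, string $body): string
{
    return '<div class="post"><b>' . h($nickname) . '</b>: ' . h($body) . '</div>';
}

// Constructed sample submissions for the nickname field.
$samples = ['alice_01', "<script>alert('XSS')</script><!--"];

foreach ($samples as $submitted) {
    $checked = validate_nickname($submitted);
    echo 'submitted:   ', $submitted, PHP_EOL;
    echo '  validation: ', $checked === null ? 'rejected' : 'accepted', PHP_EOL;
    echo '  unsafe html: ', render_post_unsafe($submitted, 'hello'), PHP_EOL;
    echo '  safe html:   ', render_post_safe($submitted, 'hello'), PHP_EOL;
}
```

Encoding on output is the control that protects readers even when an unvalidated value is already in the database; validation alone only stops new bad values from being stored.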