6th Apr 2003 [SBWID-6103]
COMMAND
	XMB Forum XSS
SYSTEMS AFFECTED
	All version, tested on XMB 1.9 Developer's Edition
PROBLEM
	Thanks to dEcKa_tRaSh [[email protected]] advisory :
	XMB Forum is most popular web forum  which  have  more  than  3  million
	boards on the net. But, I found a cross site scripting bug  on  it.  So,
	lets go faster :-
	The problem is in "member.php" which is not filting perfectly. Lets  say
	that we want to view Bob info/profile, so we clicking his  username  and
	it will go like this:-
	
	http://target/boards/member.php?action=viewpro&member=Bob
	
	Then we change the username with some active code, example :-
	
	http://target/boards/member.php?action=viewpro&member=<scr!pt>alert(document.cookie)</scr!pt>
	
	dEcKa_tRaSh | Greetz #king9x @ IRC Webnet
SOLUTION
	none yet ?