date issue - Teh Forum

<body> <div id="header"> <span class="left"> <span class="back"><a href="lthread_list.php?webtag=DEFAULT"><span class="image mobile_back" title="Back"></span></a></span> <span class="image mobile_logo" title="Beehive Forum Logo"></span> </span> <ul> <li> <a class="reply_all" href="lpost.php?webtag=DEFAULT&reply_to=33339.0&return_msg=33339.12"> <span class="image mobile_reply_all"></span><span class="text">Reply to All</span> </a> </li> <li> <a class="navigation" href="#"> <span class="image mobile_navigation"></span><span class="text">Show messages</span> </a> </li> <li> <a class="main" href="#"><span class="image mobile_menu" title="Menu"></span> </a> </li> </ul> </div> <div class="menu main"> <ul> <li><a href="lthread_list.php?webtag=DEFAULT">Messages</a></li> <li><a href="lpm.php?webtag=DEFAULT">Inbox</a></li> <li><a href="lsearch.php?webtag=DEFAULT">Search</a></li> <li><a href="llogon.php?webtag=DEFAULT">Login</a></li> </ul> </div> <div class="menu navigation"><a href="lmessages.php?webtag=DEFAULT&msg=33339.1">1–10</a><a href="lmessages.php?webtag=DEFAULT&msg=33339.11">11–14</a></div> <div id="page_content"> <h3 class="thread_title"><a href="index.php?webtag=DEFAULT&amp;msg=33339.12">date issue</a> </h3> <div id="messages" data-navigation="33339_12_14_10"> <a name="a33339_12"></a><div class="message" id="message_33339_12"> <div class="message_header"> <div class="message_from"> From: Matt<span class="message_time">18 Oct 2007 13:04</span> <div class="clearer"></div> </div><div class="message_to">To: Peter (BOUGHTONP) <span><span class="image post_read" title="Read: 18 Oct 2007 17:49"></span></span> <span class="message_count">12 of 14</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=33339.12">33339.12</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=33339.11">33339.11</a></div> <div class="message_body"> I've been using Acunetix WVS5 recently but the free version is quite heavily restricted and will only check for the more basic XSS exploits plus it takes an aeon to do anything so scanning for flaws takes at least several hours, especially on a project like Beehive. </div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=33339.12&return_msg=33339.12" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="33339.12"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div><a name="a33339_13"></a><div class="message" id="message_33339_13"> <div class="message_header"> <div class="message_from"> From: dyl<span class="message_time">18 Oct 2007 22:13</span> <div class="clearer"></div> </div><div class="message_to">To: Matt <span><span class="image post_read" title="Read: 18 Oct 2007 23:07"></span></span> <span class="message_count">13 of 14</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=33339.13">33339.13</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=33339.10">33339.10</a></div> <div class="message_body"> I know nothing about this stuff, including what it is and isn't safe to say in public without giving too much away, but I'm curious to know more. What damage could someone do with this vulnerability? Big damage? </div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=33339.13&return_msg=33339.12" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="33339.13"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div><a name="a33339_14"></a><div class="message" id="message_33339_14"> <div class="message_header"> <div class="message_from"> From: Matt<span class="message_time">18 Oct 2007 23:09</span> <div class="clearer"></div> </div><div class="message_to">To: dyl <span><span class="image post_read" title="Read: 18 Oct 2007 23:09"></span></span> <span class="message_count">14 of 14</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=33339.14">33339.14</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=33339.12#a33339_13" target="_self">33339.13</a></div> <div class="message_body"> <p>The one reported by FrSIRT is a cross site scripting flaw which allows injection of Javascript into pages.</p> <p> </p> <p>Symantec haven't got back to me yet regarding their discovery.</p><div class="edit_text">EDITED: 18 Oct 2007 23:10 by MATT</div> </div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=33339.14&return_msg=33339.12" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="33339.14"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div></div> </div> </body>