Posted by Curesec Research Team (CRT) on Nov 18
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: MyLittleForum 2.3.6.1
Fixed in: 2.3.7beta
Fixed Version Link: https://github.com/ilosuna/mylittleforum/releases/tag/
v2.3.7beta
Vendor Website: http://mylittleforum.net/
Vulnerability Type: XSS & RPO
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to 11/10/2016
public:
Release mode: Coordinated…