The JitBit AspNetForum <8.3.8 is vulnerable to an XSS. The XSS can only be exploited by an authenticated user, but keep in mind that by default this is a forum, so registration is usually allowed by anyone and the exploit itself is very simple. To make matters worse the application is not supported anymore https://www.jitbit.com/asp-net-forum/versionhistory/ since the last version update was on 2015, despite this I managed to spot a few public forums by doing a Google search.
Steps to reproduce
1. Authenticate on the application
2. Go to editprofile.aspx
3. Choose any of the Gravatars provided and click Ok button below the Gravatars
4. Turn intercept on in Burp and modify the Form field "DefaultAvatarInput" from Image file to: " hidden/><script>alert('XSS')</script> <img hidden
5. I added the elements for a bit more stealth, but obviously feel free to modify this simple payload
Why did it come to be
This is a Asp .NET application, as the name suggests. The normal values like username are validated against XSS with string username = tbUsername.Text.Replace("<", "<").Replace(">", ">"); The gravatar input is not checked for XSS.
Vendor contacted 9/28/2019 Received no response in 30 days Public disclosure on 10/31/2019