Interact multiple XSS vuln.

Interact multiple XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 21 June 2007
vendor:www.interactole.org
orginal advisory:
http://pridels-team.blogspot.com/2007/06/interact-multiple-xss-vuln.html
affected versions: tested on "Interact 2.4 beta 1"
other versions also can be affected.
###############################################

Interact contains a multiple flaws that allows a remote Cross-Site Scripting
attacks.Input passed to the "module_key" parameter in almost
all files wich use this parameter isn't properly sanitised before being
returned to the user.
in example:
modules/kb/kb.php,
modules/quiz/runquiz.php
modules/quiz/quiz.php
modules/forum/forum.php
modules/forum/byname.php
modules/journal/journalview.php
And Input passed to the "tag_key" parameter in
"modules/journal/journalview.php" isn't properly sanitised before being
returned to the user.
And Input passed to the "user_group_key" parameter in
"users/secureaccounts.php" isn't properly sanitised before being returned to
the user.
And Input passed to the "request_uri" parameter in "login.php" isn't
properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################