Drhankey

**Name of the Vulnerable Software and Affected Versions** Bitboard versions 2.5 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via an `img` bbcode image tag with an event such as `mouseover`. **Recommendations** For versions 2.5 and earlier, update to a version later than 2.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Woltlab Burning Board Lite versions 1.0.0 through 1.0.1e **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script and HTML via the `userid` parameter in the formmail.php file. **Recommendations** For versions 1.0.0 through 1.0.1e, avoid using the `userid` parameter in the affected formmail.php file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Woltlab Burning Book versions 1.0 Gold through 1.1.1e **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `user-agent` parameter in the "addentry.php" file. **Recommendations** For versions 1.0 Gold through 1.1.1e, consider restricting access to the "addentry.php" file until a patch is available. As a temporary workaround, avoid using the `user-agent` parameter in the affected file to minimize the risk of exploitation.