Ralph Capper · Ralph Capper Tiny PHP Forum · CVE-2006-1898
**Name of the Vulnerable Software and Affected Versions**
Ralph Capper Tiny PHP Forum (TPF) version 3.6
**Description**
Tiny PHP Forum 3.6 contains multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. The injection points are the `uname` parameter in a view action in `profile.php` and a login name.
**Recommendations**
For version 3.6, avoid using the `uname` parameter in the view action in `profile.php` until the issue is resolved. Restrict access to the login name field to minimize the risk of exploitation.
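For operators who maintain their own copy of the code, the following added example (not code from Tiny PHP Forum or its author) shows the usual way to neutralize both injection points named above: validate the login name against an allow-list and HTML-encode it wherever it is written into a page. The function names, the name policy and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical helpers, not taken from Tiny PHP Forum.

/** Encode a value for placement in HTML text or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Allow-list check for login names.
 * Assumed policy: 3-20 characters from letters, digits, "_", "." and "-".
 */
function is_valid_login_name(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_.-]{3,20}\z/', $name) === 1;
}

/** Build the heading of a profile view from the request's query parameters. */
function render_profile_heading(array $query): string
{
    $uname = $query['uname'] ?? '';
    // Reject arrays (uname[]=...) and anything outside the allow-list.
    if (!is_string($uname) || !is_valid_login_name($uname)) {
        return '<p>Unknown user.</p>';
    }
    // Encode on output even after validation, so a later policy change
    // cannot reintroduce markup into the page.
    return '<h1>Profile of ' . h($uname) . '</h1>';
}

// Constructed sample requests: a normal name, a name carrying markup,
// an array-typed parameter, and a missing parameter.
$samples = [
    ['uname' => 'alice_01'],
    ['uname' => '<b>x</b>'],
    ['uname' => ['nested']],
    [],
];
foreach ($samples as $query) {
    echo render_profile_heading($query), PHP_EOL;
}

// Login names already stored before validation existed must still be
// encoded whenever they are displayed (constructed legacy value).
echo '<li>', h('Tom & "Jerry" <admin>'), '</li>', PHP_EOL;
```

Only the first sample produces a profile heading; the stored legacy name is emitted with `&`, `"`, `<` and `>` converted to entities, so the browser shows it as text.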