Valery Marchuk

**Name of the Vulnerable Software and Affected Versions** TorrentTrader Classic version 1.08 **Description** The issue concerns cross-site request forgery (CSRF) vulnerabilities in the account-inbox.php file. This allows remote attackers to perform certain actions as other users, such as sending messages. **Recommendations** For TorrentTrader Classic version 1.08, consider implementing CSRF protection mechanisms, such as token-based validation, to prevent unauthorized actions. As a temporary workaround, restrict access to the account-inbox.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TorrentTrader Classic version 1.08 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `msg` parameter in the account-inbox.php file. **Recommendations** For TorrentTrader Classic version 1.08, consider restricting access to the account-inbox.php file until a patch is available, and avoid using the `msg` parameter in this context to minimize the risk of exploitation.