CVE-2002-0955

Name of the Vulnerable Software and Affected Versions: Yet Another Bulletin Board (YaBB) versions 1 Gold SP1 and earlier

Description: The issue allows remote attackers to execute arbitrary script as other web site visitors. This is achieved by injecting script into the num parameter, which is not properly filtered in the resulting error message.

Recommendations: For versions 1 Gold SP1 and earlier, as a temporary workaround, consider filtering or validating user input for the num parameter to prevent script injection until a patch is available.