PT-2003-1196 · L Forum · L-Forum

Published 2003-03-18 · Updated 2008-09-05 · CVE-2002-1459

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

L-Forum versions 2.40 and earlier

Description

A cross-site scripting issue allows remote attackers to insert arbitrary script or HTML via message fields, including From, E-Mail, and Subject, when the "Enable HTML in messages" option is off.

Recommendations

For L-Forum versions 2.40 and earlier, as a temporary workaround, consider disabling the "Enable HTML in messages" option and restricting user input in message fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2002-1459

Affected Products

L-Forum