PT-2004-3075 · Wowbb · Wowbb Forum

Published: 2004-12-31 · Updated: 2008-09-05 · CVE-2004-2180

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: WowBB Forum version 1.61

Description: The issue allows remote attackers to inject arbitrary web script or HTML (cross-site scripting), potentially leading to security breaches. The estimated number of potentially affected devices worldwide is not specified. Injection is possible through the following inputs: the country parameter to /view_user.php, the show parameter to /view_forum.php and /index.php, the letter parameter to /view_user.php, the highlight parameter to /view_topic.php, the q parameter to /search.php, the Referer header to /admin.php, or the user_email parameter to /login.php.

Recommendations: For WowBB Forum version 1.61, as a temporary workaround, consider restricting access to the vulnerable parameters (country, show, letter, highlight, q, the Referer header, and user_email) until a patch is available. Avoid using these parameters in the affected endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
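One way to apply the workaround at a reverse proxy or in log review is sketched below as an added example; it is not code from WowBB or from this advisory. The function and sample names are hypothetical, the script and parameter names use the underscore spellings of the CVE-2004-2180 entry, and the assumption is that a request is suspect when one of the listed inputs carries HTML metacharacters.

```python
import posixpath
from urllib.parse import urlsplit, parse_qs

# Script -> request parameters named in the advisory (underscore spellings assumed).
WATCHED_PARAMS = {
    "view_user.php": {"country", "letter"},
    "view_forum.php": {"show"},
    "index.php": {"show"},
    "view_topic.php": {"highlight"},
    "search.php": {"q"},
    "login.php": {"user_email"},
}
# Script -> request headers named in the advisory (compared in lower case).
WATCHED_HEADERS = {"admin.php": {"referer"}}
# Characters that let a reflected value break out into HTML or an attribute.
MARKUP_CHARS = set("<>\"'")

def has_markup(value):
    return any(ch in MARKUP_CHARS for ch in value)

def flag_request(url, headers=None, form=None):
    """Return sorted 'param:NAME' / 'header:NAME' findings for one request."""
    parts = urlsplit(url)
    script = posixpath.basename(parts.path) or "index.php"  # "/" assumed to serve index.php
    values = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes once
    for name, value in (form or {}).items():  # POST body fields, already decoded
        values.setdefault(name, []).append(value)
    findings = []
    for name in WATCHED_PARAMS.get(script, ()):
        if any(has_markup(v) for v in values.get(name, [])):
            findings.append(f"param:{name}")
    for key, value in (headers or {}).items():
        if key.lower() in WATCHED_HEADERS.get(script, ()) and has_markup(value):
            findings.append(f"header:{key.lower()}")
    return sorted(findings)

# Constructed sample requests (not taken from the advisory or from real traffic).
SAMPLES = [
    ("/forum/view_user.php?country=%3Cb%3Ex%3C%2Fb%3E&letter=A", {}, {}),
    ("/forum/search.php?q=password+reset", {}, {}),
    ("/forum/admin.php", {"Referer": 'http://forum.example/"><i>'}, {}),
    ("/forum/login.php", {}, {"user_email": "alice@example.org"}),
]

def scan(samples):
    return [flag_request(url, headers, form) for url, headers, form in samples]

if __name__ == "__main__":
    for sample, found in zip(SAMPLES, scan(SAMPLES)):
        print(sample[0], "->", found or "clean")
```

The check is deliberately coarse: an apostrophe in a legitimate search term is also flagged, so it suits alerting or a temporary block rule rather than a permanent fix, which still requires output encoding in the application.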

Exploit


Related identifiers

CVE-2004-2180

Affected products

Wowbb Forum