CVE-2004-2211

Name of the Vulnerable Software and Affected Versions AliveSites Forums version 2.0

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via specific parameters to certain API endpoints. The affected parameters include forum id, method, and forum title to "post.asp", forum title to "forum.asp", and id to "post.asp".

Recommendations For AliveSites Forums version 2.0, as a temporary workaround, consider restricting access to the affected API endpoints, specifically "post.asp" and "forum.asp", until a patch is available. Avoid using the parameters forum id, method, forum title, and id in the affected endpoints until the issue is resolved.