CVE-2004-2402

Name of the Vulnerable Software and Affected Versions: YaBB versions 1 GOLD SP 1.3.2

Description: The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter.

Recommendations: For version 1 GOLD SP 1.3.2, consider restricting access to the to parameter to minimize the risk of exploitation until a patch is available.