PT-2005-1580 · Pblang · Pblang

Raven · Published 2005-02-23 · Updated 2016-10-18 · CVE-2005-0526

CVSS v2.0: 4.3 Medium

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

PBLang version 4.65

Description

The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various means, including the search string to the "search.php" endpoint, the subject of a private message processed by "pm.php", or the body of a private message processed by "pmpshow.php".

Recommendations

For PBLang version 4.65, consider disabling the search functionality in "search.php" and restricting user input in the subject and body of private messages processed by "pm.php" and "pmpshow.php" respectively, until a fix is available.

Fix


Related Identifiers

CVE-2005-0526

Affected Products

Pblang