CVE-2005-0650

Name of the Vulnerable Software and Affected Versions ProjectBB version 0.4.5.1

Description The issue allows remote attackers to inject arbitrary web script or HTML via several parameters, including the pages parameter to "divers.php", the search feature text area, forum name, site name, maximum avatar size in the option section, new category, or new forum fields in the forum section.

Recommendations For ProjectBB version 0.4.5.1, as a temporary workaround, consider restricting user input in the mentioned fields to minimize the risk of exploitation. Avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.