CVE-2005-2588

Name of the Vulnerable Software and Affected Versions DVBBS versions 7.1 SP2 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via several parameters, including the page parameter to "dispbbs.asp", the name parameter to "dispuser.asp", and the title, view, or act parameters to "boardhelp.asp".

Recommendations For DVBBS versions 7.1 SP2 and earlier, update to a version later than 7.1 SP2 to resolve the issue. As a temporary workaround, consider restricting access to the "dispbbs.asp", "dispuser.asp", and "boardhelp.asp" pages until a patch is available. Avoid using the page parameter in "dispbbs.asp", the name parameter in "dispuser.asp", and the title, view, or act parameters in "boardhelp.asp" to minimize the risk of exploitation.