CVE-2005-3260

Name of the Vulnerable Software and Affected Versions versatileBulletinBoard (vBB) version 1.0.0 RC2

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via two parameters: the url parameter in "dereferrer.php" and the file parameter in "imagewin.php".

Recommendations For version 1.0.0 RC2, consider disabling the dereferrer.php and imagewin.php scripts until a patch is available to prevent exploitation. Restrict access to these scripts to minimize the risk of arbitrary web script or HTML injection. Avoid using the url and file parameters in the affected scripts until the issue is resolved.