CVE-2005-3412

Name of the Vulnerable Software and Affected Versions Elite Forum version 1.0.0.0

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a Post Reply to a topic. This is achieved by including a javascript: URL in an tag.

Recommendations For Elite Forum version 1.0.0.0, as a temporary workaround, consider disabling the Post Reply feature until a patch is available. Restrict access to posting replies that contain tags with javascript: URLs to minimize the risk of exploitation.