CVE-2005-4336

Name of the Vulnerable Software and Affected Versions ProjectForum versions 4.7.0 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This is possible via the fwd parameter in "admin/adminsignin.html" and the originalpageid parameter in "admin/newpage.html" associated with a group.

Recommendations For versions 4.7.0 and earlier, as a temporary workaround, consider restricting access to the "admin/adminsignin.html" and "admin/newpage.html" pages until a patch is available. Avoid using the fwd and originalpageid parameters in the affected pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.