CVE-2005-4642

Name of the Vulnerable Software and Affected Versions HydroBB version 1.0.0 Beta 2

Description The issue allows remote attackers to inject arbitrary web script or HTML via the s parameter to various API endpoints, including "search.php", "members.php", "stats.php", "viewforum.php", "register.php", "usercp.php", "groups.php", "pms.php", and "calendar.php".

Recommendations For HydroBB version 1.0.0 Beta 2, as a temporary workaround, consider restricting access to the vulnerable API endpoints until a patch is available. Avoid using the s parameter in the affected endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.