CVE-2006-0102

Name of the Vulnerable Software and Affected Versions: TinyPHPForum (TPF) versions 3.6 and earlier

Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script via a javascript: scheme in an "[a]" bbcode tag, possibly the txt parameter to "action.php".

Recommendations: For versions 3.6 and earlier, consider disabling the use of "[a]" bbcode tags or restricting access to the action.php endpoint until a fix is available. Avoid using the txt parameter in the affected endpoint to minimize the risk of exploitation.