CVE-2006-0155

Name of the Vulnerable Software and Affected Versions 427BB versions 2.2 through 2.2.1

Description A cross-site scripting issue exists, allowing remote attackers to inject arbitrary Javascript code. This is achieved by creating a new message that includes a URL bbcode tag containing a javascript URI.

Recommendations For versions 2.2 through 2.2.1, consider disabling the bbcode tag functionality in posts.php to prevent exploitation until a fix is available. Restrict access to the posts.php file to minimize the risk of arbitrary Javascript injection.