CVE-2006-0927

Name of the Vulnerable Software and Affected Versions Woltlab Burning Board (wBB) versions 2.x with JGS-XA JGS-Gallery Addon version 4.0.0 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML. This is achieved via the userid parameter in files such as jgs galerie slideshow.php and jgs galerie scroll.php, and the katid parameter in jgs galerie slideshow.php.

Recommendations For Woltlab Burning Board (wBB) versions 2.x with JGS-XA JGS-Gallery Addon version 4.0.0 and earlier, consider disabling the jgs galerie slideshow.php and jgs galerie scroll.php files until a patch is available. Restrict access to these files to minimize the risk of exploitation. Avoid using the userid and katid parameters in the affected API endpoints until the issue is resolved.