CVE-2006-1157

Name of the Vulnerable Software and Affected Versions Vz Scripts ADP Forum versions 2.0.3 and earlier

Description A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the messaggio parameter in the Subject field when posting a new message in the "post.php" endpoint.

Recommendations For versions 2.0.3 and earlier, as a temporary workaround, consider restricting access to the post.php endpoint until a patch is available. Avoid using the messaggio parameter in the Subject field when posting new messages to minimize the risk of exploitation.