CVE-2006-1810

Name of the Vulnerable Software and Affected Versions FlexBB version 0.5.5 BETA

Description The issue allows remote attackers to inject arbitrary web script or HTML via multiple fields in the user profile, including the ICQ, AIM, MSN, Google Talk, Website Name, Website Address, Email Address, Location, Signature, and Sub-Titles fields.

Recommendations For FlexBB version 0.5.5 BETA, as a temporary workaround, consider restricting user input for the ICQ, AIM, MSN, Google Talk, Website Name, Website Address, Email Address, Location, Signature, and Sub-Titles fields in the user profile to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.