CVE-2006-2228

Name of the Vulnerable Software and Affected Versions w-Agora (aka Web-Agora) version 4.2.0

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag. This is achieved by including a JavaScript event name followed by whitespace before the '=' character in the tag, which bypasses a restrictive regular expression intended to remove events like onmouseover.

Recommendations For w-Agora (aka Web-Agora) version 4.2.0, consider disabling the use of BBCode tags until a patch is available to prevent the exploitation of this issue. Restrict access to posts that may contain malicious scripts to minimize the risk of XSS attacks.