CVE-2006-2927

Name of the Vulnerable Software and Affected Versions CodeAvalanche FreeForum (aka CAForum) version 1.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the msg subject and msg body parameters in the post.asp file.

Recommendations For CodeAvalanche FreeForum (aka CAForum) version 1.0, as a temporary workaround, consider restricting user input for the msg subject and msg body parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.