CVE-2006-3333

Name of the Vulnerable Software and Affected Versions Zorum Forum version 3.5

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject web script or HTML via multiple unspecified parameters in index.php, including the frommethod, list, and method parameters, which are reflected in an error message. This might be related to SQL injection in some cases.

Recommendations For Zorum Forum version 3.5, as a temporary workaround, consider restricting access to the index.php file or validating and sanitizing user input for the frommethod, list, and method parameters to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.