CVE-2007-5127

Name of the Vulnerable Software and Affected Versions SimpGB version 1.46.02

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the l username parameter to the default URI under "admin/" or the l emoticonlist parameter to "admin/emoticonlist.php".

Recommendations For SimpGB version 1.46.02, avoid using the l username and l emoticonlist parameters in the affected API endpoints until the issue is resolved. Restrict access to the "admin/" directory and "admin/emoticonlist.php" to minimize the risk of exploitation.