CVE-2007-5948

Name of the Vulnerable Software and Affected Versions SF-Shoutbox versions 1.2.1 through 1.4

Description The issue allows remote attackers to inject arbitrary web script or HTML via the nick and shout parameters in the main.php file. This can be exploited by sending malicious input to the affected parameters.

Recommendations For SF-Shoutbox versions 1.2.1 through 1.4, consider validating and sanitizing user input for the nick and shout parameters to prevent arbitrary web script or HTML injection. As a temporary workaround, restrict access to the main.php file until a fix is available.