CVE-2008-2024

Name of the Vulnerable Software and Affected Versions miniBB versions 2.2 and earlier

Description The issue is related to a cross-site scripting (XSS) vulnerability. This occurs when an attacker can inject arbitrary web script or HTML into a website, potentially allowing them to steal user data or take control of the user's session. The vulnerability can be exploited through the glang[] parameter in a "registernew" action when register globals is enabled.

Recommendations For miniBB versions 2.2 and earlier, consider disabling the register globals setting to prevent exploitation of this issue. Additionally, restrict access to the "registernew" action in index.php to minimize the risk of XSS attacks. Avoid using the glang[] parameter in the affected API endpoint until the issue is resolved.