CVE-2009-3204

Name of the Vulnerable Software and Affected Versions Stiva Forum version 1.0

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the id parameter to "demo.php" and "forum.php", and the PATH INFO to "include forum.php".

Recommendations For Stiva Forum version 1.0, avoid using the id parameter in the "demo.php" and "forum.php" API endpoints until the issue is resolved. Restrict access to the "include forum.php" module to minimize the risk of exploitation.