CVE-2010-1276

Name of the Vulnerable Software and Affected Versions BBSXP 2008 SP2

Description The issue allows remote attackers to inject arbitrary web script or HTML via the URI in requests to several API endpoints, including "AddPost.asp", "AddTopic.asp", "Admin Default.asp", "Bank.asp", "Manage.asp", and "ShowPost.asp".

Recommendations For BBSXP 2008 SP2, consider restricting access to the affected API endpoints until a fix is available. As a temporary workaround, avoid using these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.