CVE-2010-4811

Name of the Vulnerable Software and Affected Versions 6kbbs version 8.0 build 20100901

Description The issue allows remote attackers to inject arbitrary web script or HTML via the user[msn], user[email], and user[phone] parameters in a modifyDetails action, potentially leading to cross-site scripting (XSS) attacks.

Recommendations For 6kbbs version 8.0 build 20100901, consider validating and sanitizing user input for the user[msn], user[email], and user[phone] parameters in the modifyDetails action to prevent arbitrary web script or HTML injection. As a temporary workaround, restrict access to the ajaxmember.php file until a patch is available.