CVE-2011-5138

Name of the Vulnerable Software and Affected Versions tForum version b0.915

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the username parameter in a "viewprofile" action.

Recommendations For tForum version b0.915, consider restricting the use of the username parameter in the "viewprofile" action until a patch is available. As a temporary workaround, validate and sanitize all user input to prevent malicious script injection.