CVE-2012-1604

Name of the Vulnerable Software and Affected Versions NextBBS version 0.6

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This is achieved by manipulating the do parameter to index.php.

Recommendations For NextBBS version 0.6, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the index.php endpoint to minimize the risk of exploitation. Avoid using the do parameter in the affected index.php endpoint until the issue is resolved.