CVE-2012-6556

Name of the Vulnerable Software and Affected Versions FirstLastNames plugin version 1.1.1 for Vanilla Forums

Description The issue allows remote attackers to inject arbitrary web script or HTML via the User/FirstName or User/LastName parameter to the edit user page, potentially leading to cross-site scripting (XSS) attacks.

Recommendations For FirstLastNames plugin version 1.1.1, consider restricting access to the edit user page or validating and sanitizing the User/FirstName and User/LastName parameters to prevent arbitrary web script or HTML injection until a patch is available.