CVE-2014-8869

Name of the Vulnerable Software and Affected Versions com.tapatalk.wbb4 plugin versions 1.x before 1.1.2 for Woltlab Burning Board 4.0

Description The issue allows remote attackers to inject arbitrary web script or HTML via the app android id or app kindle url parameters in the welcome.php file of the mobiquo/smartbanner module. This can lead to cross-site scripting (XSS) attacks.

Recommendations For com.tapatalk.wbb4 plugin versions 1.x before 1.1.2, update to version 1.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the welcome.php file in the mobiquo/smartbanner module to minimize the risk of exploitation. Avoid using the app android id and app kindle url parameters in the affected module until the issue is resolved.