PT-2015-5669 · Php · Ultimate Php Board

Fgeeko · Published 2015-03-10 · Updated 2018-10-09 · CVE-2015-2217

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Ultimate PHP Board versions prior to 2.2.8

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the q parameter to search.php and the avatar parameter to profile.php are vulnerable.

Recommendations: For versions prior to 2.2.8, update to version 2.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the search.php and profile.php scripts until the update is applied. Avoid using the q parameter in the search.php script and the avatar parameter in the profile.php script until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2015-2217

Affected products

Ultimate Php Board