Yabb · Yabb · CVE-2005-0785
**Name of the Vulnerable Software and Affected Versions**
YaBB version 2.0 rc1
**Description**
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `username` parameter in the usersrecentposts component.
**Recommendations**
For YaBB version 2.0 rc1, avoid using the `username` parameter in the usersrecentposts component until a fix is available. As a temporary workaround, consider restricting access to the usersrecentposts feature to minimize the risk of exploitation.