Apple_Soup

**Name of the Vulnerable Software and Affected Versions** WebzEdit versions 1.9 and earlier **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to execute arbitrary script as other users. This is achieved via the `message` parameter in the "done.jsp" file. **Recommendations** For WebzEdit versions 1.9 and earlier, avoid using the `message` parameter in the done.jsp file until a fix is available. As a temporary workaround, consider restricting access to the done.jsp file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ezBoard version 7.3u **Description** A cross-site scripting (XSS) issue exists in the font tag, allowing remote attackers to execute arbitrary script as other users. This can be achieved by using the background:url in a (1) font color or (2) font face argument. **Recommendations** For ezBoard version 7.3u, update to a version that fixes this issue to prevent remote attackers from executing arbitrary scripts.

**Name of the Vulnerable Software and Affected Versions** phpBB versions prior to 2.0.6c **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to execute arbitrary script or HTML as other users. The exploitation is possible via the `postorder` parameter in the ViewTopic.php file. **Recommendations** For versions prior to 2.0.6c, update to a version that contains a fix for this issue to prevent exploitation.