M Phorum · M-Phorum · CVE-2006-1151
**Name of the Vulnerable Software and Affected Versions**
M-Phorum version 0.2
**Description**
A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `go` parameter in the "index.php" file.
**Recommendations**
For M-Phorum version 0.2, avoid using the `go` parameter in the index.php file until a fix is available. Consider restricting access to the index.php file to minimize the risk of exploitation.