
Grossman

#51025 of 53,630
4.3 Total CVSS
Vulnerabilities · 1
PT-2008-2068
4.3
2008-01-23
Pd9 · Megabbs · CVE-2008-0436
**Name of the Vulnerable Software and Affected Versions**
PD9 Software MegaBBS version 1.5.14b

**Description**
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `target` parameter in the "profile-upload/upload.asp" endpoint.

**Recommendations**
For version 1.5.14b, consider restricting access to the "profile-upload/upload.asp" endpoint until a fix is available, and avoid using the `target` parameter in this endpoint to minimize the risk of exploitation.