Rafael Cintra Lopes

Name of the Vulnerable Software and Affected Versions: OpenTibiaBR MyAAC versions up to 0.8.16 Description: A problematic vulnerability has been found in OpenTibiaBR MyAAC, affecting an unknown function of the file system/pages/forum/new post.php of the component Post Reply Handler. The manipulation of the `post topic` argument leads to cross-site scripting. It is possible to launch the attack remotely. Recommendations: For versions up to 0.8.16, apply a patch to fix this issue, specifically the patch identified as bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c. As a temporary workaround, consider restricting the use of the `post topic` argument in the new post.php file until a patch is applied.