Punbb · Punbb · CVE-2009-4894
**Name of the Vulnerable Software and Affected Versions**
PunBB versions prior to 1.3.4
**Description**
The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `password` or `e-mail` variables.
**Recommendations**
For versions prior to 1.3.4, update to version 1.3.4 or later to resolve the issue.