Xiuno Bbs · Xiuno Bbs · CVE-2020-21494
Name of the Vulnerable Software and Affected Versions:
Xiuno BBS version 4.0.4
Description:
A cross-site scripting (XSS) issue in the `install.sql` component allows attackers to inject arbitrary web script or HTML when the `doctype` value is changed to 0. Script injected this way runs in the browser of any user who loads the affected page, in the origin of the Xiuno BBS site, and can therefore act with that user's session, potentially leading to unauthorized actions on the affected system.
Recommendations:
Upgrade Xiuno BBS 4.0.4 to a release in which the vendor has fixed this issue, if one is available. Because the installer is only needed during initial setup, remove or deny web access to the install component (including `install.sql`) once the site has been set up; this is standard practice for web applications and serves as the temporary workaround until a fix is applied. A proper fix should entity-encode every request-controlled value, `doctype` included, before it is written into HTML, rather than trying to block particular values.
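To confirm whether a parameter such as `doctype` is still reflected unescaped after applying a fix or workaround, the following check distinguishes a verbatim reflection (an XSS candidate) from an entity-encoded one. This is an added example, not code from Xiuno BBS or from the advisory: the parameter name `doctype` is taken from the description above, while the marker format, the `example.test` URLs and the two sample handlers that stand in for a live server are constructed for illustration and do not model `install.sql` itself.

```python
"""Reflected-XSS check for a single request parameter.

Added example, not Xiuno BBS code. The parameter name 'doctype' comes
from the advisory; the marker, the URLs and the fake server below are
constructed so the check runs offline.
"""
import html
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def make_marker() -> str:
    """Unique probe value containing characters every HTML encoder must escape."""
    return f'"><xss{secrets.token_hex(4)}>'


def build_probe_url(base_url: str, param: str, marker: str, extra=None) -> str:
    """Return base_url with param=marker (and any fixed params, e.g. doctype=0) added."""
    parts = urlsplit(base_url)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    query.update(extra or {})
    query[param] = marker
    return urlunsplit(parts._replace(query=urlencode(query)))


def classify_reflection(body: str, marker: str, content_type: str = "text/html") -> str:
    """Classify how the marker came back.

    'raw'          verbatim in an HTML response: reflected-XSS candidate
    'raw-non-html' verbatim, but not served as text/html (browser will not
                   render it as markup; still worth reporting)
    'escaped'      present only in entity-encoded form (< > " neutralised)
    'absent'       not reflected at all
    """
    if marker in body:
        media_type = content_type.split(";")[0].strip().lower()
        return "raw" if media_type == "text/html" else "raw-non-html"
    # html.unescape folds &quot; &#34; &#x22; etc. back to the literal characters,
    # so any encoding style is recognised as 'escaped'.
    if marker in html.unescape(body):
        return "escaped"
    return "absent"


def probe(fetch, base_url: str, param: str, extra=None) -> str:
    """fetch(url) -> (body, content_type). Returns the classification for param."""
    marker = make_marker()
    body, content_type = fetch(build_probe_url(base_url, param, marker, extra))
    return classify_reflection(body, marker, content_type)


# Constructed stand-in for a live server (no network needed).
def fake_server(url):
    parts = urlsplit(url)
    value = dict(parse_qsl(parts.query)).get("doctype", "")
    if parts.path.endswith("/vulnerable"):
        # vulnerable handler: echoes the parameter straight into the page
        page = f'<html><body>doctype="{value}"</body></html>'
    else:
        # hardened handler: entity-encodes before output
        page = f'<html><body>doctype="{html.escape(value, quote=True)}"</body></html>'
    return page, "text/html; charset=utf-8"


if __name__ == "__main__":
    for path in ("/vulnerable", "/hardened"):
        print(path, probe(fake_server, f"http://example.test{path}", "doctype"))
```

Against a real deployment, replace `fake_server` with a function that performs the HTTP request and returns the body and `Content-Type` header; a `raw` result on the page in question means the parameter is still being written into HTML without encoding.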