Zeberus

#20337 of 53,622
12.6 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2006-5126
6.8
2006-08-24
Woltlab · Woltlab Burning Board · CVE-2006-4317
**Name of the Vulnerable Software and Affected Versions**
WoltLab Burning Board (WBB) version 2.3.5

**Description**
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via a GIF image containing URL-encoded JavaScript.

**Recommendations**
For version 2.3.5, update to a newer version that contains a fix for this issue.
PT-2006-4430
5.8
2006-07-13
Php Fusion · Php-Fusion · CVE-2006-3555
**Name of the Vulnerable Software and Affected Versions**
PHP-Fusion versions prior to 6.01.3

**Description**
The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved by uploading a file with a .gif or .jpg extension that begins with a GIF header followed by JavaScript code, using edit_profile.php to upload an avatar or forum image attachment. The JavaScript code is executed by Internet Explorer.

**Recommendations**
For versions prior to 6.01.3, update to version 6.01.3 or later to resolve the issue. As a temporary workaround, consider restricting the upload of image files with .gif or .jpg extensions that contain executable code.