PT-2002-2942 · Ikonboard · Ikonboard
Published: 2002-12-31 · Updated: 2008-09-05 · CVE-2002-2230
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions:
Ikonboard version 3.1.1
Description:
A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via a private message with a javascript: URL in the IMG tag. This occurs when the URL ends in a ".gif" or ".jpg" string.
Recommendations:
For Ikonboard version 3.1.1, consider disabling the ability to send private messages with IMG tags until a patch is available. Restrict access to private messaging functionality to minimize the risk of exploitation. Avoid using javascript: URLs in IMG tags within private messages until the issue is resolved.
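The check below is an added illustration, not Ikonboard code and not part of the original advisory. It assumes the affected filter trusted an IMG URL on its file extension alone (consistent with the description, but not confirmed by it) and sets that weak check beside a scheme-allowlisting one; all function names and sample URLs are constructed for the example.

```python
import html
import re
from urllib.parse import urlsplit

IMAGE_EXT = re.compile(r"\.(?:gif|jpe?g)$", re.IGNORECASE)
ALLOWED_SCHEMES = {"http", "https"}
# Browsers drop tabs/newlines and leading control bytes before resolving a
# URL, so any such byte is treated as an evasion attempt and rejected.
CONTROL_OR_SPACE = re.compile(r"[\x00-\x20\x7f]")


def suffix_only_check(url: str) -> bool:
    """Weak form (assumed): trust the URL if it ends in an image extension."""
    return bool(IMAGE_EXT.search(url))


def strict_check(url: str) -> bool:
    """Hardened form: allowlist the scheme, require a host, test the path only."""
    if CONTROL_OR_SPACE.search(url):
        return False
    try:
        parts = urlsplit(url)  # lowercases the scheme for us
    except ValueError:  # e.g. malformed bracketed host
        return False
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        return False
    return bool(IMAGE_EXT.search(parts.path))


def render_img(url: str):
    """Return the IMG markup for an accepted URL, or None if it is refused."""
    if not strict_check(url):
        return None
    return '<img src="{}" alt="">'.format(html.escape(url, quote=True))


# Constructed sample values, not taken from the advisory.
SAMPLES = [
    "http://forum.example/avatars/a.gif",
    "javascript:void(0)//x.gif",
    "JaVaScRiPt:void(0)//x.JPG",
    "java\tscript:void(0)//x.jpg",
    "http://forum.example/view.php?f=x.jpg",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), suffix_only_check(s), strict_check(s))
```

Only the first sample passes the strict check, while the suffix-only check accepts all five.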
Fix
XSS
Affected Products
Ikonboard