PT-2003-2222 · Yabb · Yabb
Published 2003-12-31 · Updated 2008-09-05 · CVE-2003-1277
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Yet Another Bulletin Board (YaBB) version 1.5.0
Description
This cross-site scripting issue allows remote attackers to execute arbitrary script in the browsers of other users, potentially stealing their authentication information (session cookies). It is achieved by injecting arbitrary HTML or script into specific parameters, including the news icon parameter of news template.php and the threadid and subject parameters of index.html.
Recommendations
For Yet Another Bulletin Board (YaBB) version 1.5.0, consider restricting access to the news template.php and index.html files until a patch is available. As a temporary workaround, avoid using the news icon, threadid, and subject parameters in the affected files to reduce the risk of exploitation.
Exploit
Fix
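The advisory does not include fix details. The following added example (written for this page, not YaBB's own code) shows the bug class behind the description and the standard remedy: request parameters interpolated into HTML verbatim versus the same values entity-encoded before rendering, plus a small log-side check that flags affected parameters carrying markup characters. The HTML templates are constructed, and the parameter name `news_icon` is an assumption (the advisory prints it as "news icon"); `threadid` and `subject` are as listed.

```python
import html
import re
from urllib.parse import parse_qs

# Parameter names as listed in the advisory. "news_icon" assumes an underscore
# that the advisory text does not show; the templates below are constructed
# for this example and are not YaBB code.
AFFECTED_PARAMS = ("news_icon", "threadid", "subject")


def parse_query(query: str) -> dict:
    """Parse a raw query string into a flat {name: first_value} dict."""
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def render_unsafe(params: dict) -> str:
    """Vulnerable pattern: request values are interpolated into markup verbatim,
    so any '<', '>' or quote in them is parsed as HTML by the viewer's browser."""
    icon = params.get("news_icon", "")
    thread = params.get("threadid", "")
    subject = params.get("subject", "")
    return (
        f'<img src="icons/{icon}.gif" alt="news">'
        f'<a href="index.html?threadid={thread}">{subject}</a>'
    )


def render_safe(params: dict) -> str:
    """Hardened pattern: every untrusted value is entity-encoded (quotes included,
    because two of the values land inside attributes) before it is placed in the
    page, so it is displayed as text rather than parsed as markup."""
    def esc(name: str) -> str:
        return html.escape(params.get(name, ""), quote=True)

    return (
        f'<img src="icons/{esc("news_icon")}.gif" alt="news">'
        f'<a href="index.html?threadid={esc("threadid")}">{esc("subject")}</a>'
    )


# Characters that have no place in an icon name, a thread id or a plain-text subject.
_MARKUP = re.compile(r'[<>"\']')


def suspicious_params(query: str) -> list:
    """Defender-side check for web-server request logs: returns the names of the
    affected parameters whose value contains markup characters. Well-formed
    requests yield an empty list."""
    params = parse_query(query)
    return [n for n in AFFECTED_PARAMS if n in params and _MARKUP.search(params[n])]


if __name__ == "__main__":
    # Constructed request: the subject carries a benign bold tag, which is
    # enough to show whether the value is rendered as markup or as text.
    raw = "threadid=42&subject=%3Cb%3Ehello%3C%2Fb%3E&news_icon=xx"
    demo = parse_query(raw)
    print("unsafe: ", render_unsafe(demo))
    print("safe:   ", render_safe(demo))
    print("flagged:", suspicious_params(raw))
```

The same escaping step applies to every value echoed back into a page, not only the three parameters named here; escaping at output time (with `quote=True` whenever a value lands inside an attribute) is what turns the injected markup into inert text.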
Related Identifiers
Affected Products
Yabb