CVE-2004-1827

Name of the Vulnerable Software and Affected Versions YaBB versions 1 Gold(SP1.3) and 1.5.1 Final

Description The issue is related to a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script. This can be achieved via the background:url property in either glow or shadow tags.

Recommendations For YaBB 1 Gold(SP1.3), update to a version that fixes this issue. For YaBB 1.5.1 Final, update to a version that fixes this issue. As a temporary workaround, consider restricting the use of glow and shadow tags until a patch is available.