CVE-2005-3638

Name of the Vulnerable Software and Affected Versions Ekinboard version 1.0.3

Description The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This is possible via the id parameter in the "profile.php" endpoint and the titles of posts.

Recommendations For Ekinboard version 1.0.3, consider restricting access to the profile.php endpoint and limiting the ability to post titles until a fix is available. As a temporary workaround, avoid using the id parameter in the "profile.php" endpoint to minimize the risk of exploitation.