PT-2005-4810 · Ideal · Ideal Bb.Net

Published 2005-12-08 · Updated 2017-07-20 · CVE-2005-4078

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Ideal BB.NET versions 1.3 and earlier

Description

The issue allows remote attackers to inject arbitrary web script or HTML via several parameters in different API endpoints, including the forumID, boardID, and topicRepeater1-p parameters in "topics.aspx", the boardID parameter in "categoryindex.aspx", the postID parameter in "posts.aspx", the catID parameter in "forums.aspx", and the memberID parameter in "member.aspx".

Recommendations

For Ideal BB.NET versions 1.3 and earlier, as a temporary workaround, consider restricting access to the vulnerable parameters forumID, boardID, topicRepeater1-p, postID, catID, and memberID in their respective API endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Related Identifiers

CVE-2005-4078

Affected Products

Ideal Bb.Net