CVE-2005-4426

Name of the Vulnerable Software and Affected Versions YaBB versions prior to 2.1

Description The issue arises from an interpretation conflict that allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension. This can cause the HTML to be executed by a victim who views the file in Internet Explorer.

Recommendations For versions prior to 2.1, consider restricting the upload of files with GIF extensions to prevent potential HTML injection. As a temporary workaround, avoid using Internet Explorer to view files uploaded to YaBB until a proper fix is applied.