CVE-2006-1717

Name of the Vulnerable Software and Affected Versions: MyBB version 1.10

Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the username variable. This occurs when the software is configured to permit new threads by unregistered users.

Recommendations: For MyBB version 1.10, consider restricting the ability for unregistered users to create new threads until a fix is available. As a temporary workaround, restrict access to the newthread.php module to minimize the risk of exploitation. Avoid using the username variable in the affected API endpoint until the issue is resolved.