CVE-2006-1748

Name of the Vulnerable Software and Affected Versions: XMB Forum version 1.9.5

Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call. This causes the video to be rendered without disabling ActionScript, potentially leading to the execution of malicious code.

Recommendations: For XMB Forum version 1.9.5, consider disabling the upload of Flash (.SWF) videos or restricting the use of the getURL function call in uploaded videos to minimize the risk of exploitation.