CVE-2006-1898

Name of the Vulnerable Software and Affected Versions Ralph Capper Tiny PHP Forum (TPF) version 3.6

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the uname parameter in a view action in profile.php and a login name are vulnerable to such injections.

Recommendations For version 3.6, avoid using the uname parameter in the view action in profile.php until the issue is resolved. Restrict access to the login name field to minimize the risk of exploitation.