CVE-2006-2109

Name of the Vulnerable Software and Affected Versions JSBoard versions prior to 2.0.12

Description A cross-site scripting (XSS) issue exists in the parse query str function, allowing remote attackers to inject arbitrary web script or HTML via parameters set as global variables. This can be demonstrated using the table parameter to the "login.php" endpoint.

Recommendations For versions prior to 2.0.12, update to version 2.0.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the parse query str function in include/print.php until a patch is available. Avoid using user-supplied input for parameters that are set as global variables within the program.