CVE-2006-3795

Name of the Vulnerable Software and Affected Versions DeluxeBB versions prior to 1.08

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities are found in the membercookie cookie in header.php and the redirect parameter in misc.php.

Recommendations For DeluxeBB versions prior to 1.08, update to version 1.08 or later to resolve the issue. As a temporary workaround, consider restricting access to the header.php and misc.php files to minimize the risk of exploitation. Avoid using the membercookie cookie and the redirect parameter in the affected API endpoints until the issue is resolved.