CVE-2008-0439

Name of the Vulnerable Software and Affected Versions DeluxeBB version 1.1

Description A cross-site scripting issue exists due to insufficient input validation in the templates/default/admincp/attachments header.php file. This allows remote attackers to inject arbitrary web script or HTML via the lang listofmatches parameter in the affected API endpoint.

Recommendations For DeluxeBB version 1.1, avoid using the lang listofmatches parameter in the affected endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the templates/default/admincp/attachments header.php file to minimize the risk of exploitation.