PT-2008-3467 · Akiva · Akiva Webboard
Published
2008-04-24
·
Updated
2017-08-08
·
CVE-2008-1941
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Akiva WebBoard version 8.0
Description
A cross-site scripting (XSS) issue exists in the profile update feature, allowing remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in the form field.
Recommendations
For Akiva WebBoard version 8.0, consider disabling the profile update feature until a patch is available to prevent exploitation of the XSS issue. Restrict access to the form field in the profile update feature to minimize the risk of arbitrary web script or HTML injection.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Akiva Webboard