CVE-2008-6431

Name of the Vulnerable Software and Affected Versions: BMForum version 5.6

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The affected parameters include outpused in the "/index.php" endpoint, footer copyright and verandproname in the "/newtem/footer/bsd01footer.php" endpoint, and topads and myplugin in the "/newtem/header/bsd01header.php" endpoint.

Recommendations: For BMForum version 5.6, as a temporary workaround, consider restricting access to the vulnerable parameters outpused, footer copyright, verandproname, topads, and myplugin until a patch is available. Avoid using these parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.