CVE-2008-6891

Name of the Vulnerable Software and Affected Versions: ASP Forum Script (affected versions not specified)

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the forum id parameter to API endpoints such as "new message.asp" and "messages.asp", and via the query string to "default.asp".

Recommendations: For ASP Forum Script, as a temporary workaround, consider restricting access to the new message.asp and messages.asp API endpoints until a patch is available. Additionally, avoid using the forum id parameter in these endpoints and the query string in "default.asp" until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.