CVE-2012-4873

Name of the Vulnerable Software and Affected Versions GNUBoard versions prior to 4.34.21

Description A cross-site scripting issue exists due to insufficient validation of user input in the filename parameter of the file download function. This allows remote attackers to inject arbitrary web script or HTML.

Recommendations For versions prior to 4.34.21, update to version 4.34.21 or later to resolve the issue. As a temporary workaround, consider restricting access to the file download function to minimize the risk of exploitation. Avoid using the filename parameter in the affected function until the issue is resolved.