CVE-2013-3538

Name of the Vulnerable Software and Affected Versions Todoo Forum version 2.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the id post or pg parameters in the todooforum.php file.

Recommendations For Todoo Forum version 2.0, update the todooforum.php file to properly sanitize user input for the id post and pg parameters to prevent XSS attacks. As a temporary workaround, consider restricting access to the todooforum.php file until a patch is available.