CVE-2020-21494

Name of the Vulnerable Software and Affected Versions: Xiuno BBS version 4.0.4

Description: A cross-site scripting (XSS) issue in the install.sql component allows attackers to execute arbitrary web scripts or HTML by changing the doctype value to 0. This enables the execution of malicious scripts, potentially leading to unauthorized actions on the affected system.

Recommendations: For Xiuno BBS version 4.0.4, update the install.sql component to prevent the execution of arbitrary web scripts or HTML by restricting changes to the doctype value. As a temporary workaround, consider restricting access to the install.sql component until a patch is available.