CVE-2025-61539

Name of the Vulnerable Software and Affected Versions Ultimate PHP Board version 2.2.7

Description An issue exists in Ultimate PHP Board that allows for cross-site scripting (XSS). The issue is located in the lostpassword.php file and involves the u name parameter. Exploitation occurs through manipulation of this parameter, potentially allowing an attacker to inject malicious scripts.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the u name parameter in the lostpassword.php file to prevent script injection.