icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

YaBB < Gold SP 1.3.2 Multiple Input Validation Vulnerabilities

Low

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description

The remote host is running a vulnerable version of YaBB. It is reported that versions up to and including 1 Gold SP 1.3.1 are prone to multiple input validation vulnerabilities. Using these weaknesses, an attacker may influence how web content is served, cached and interpreted or perform cross-site scripting attacks to steal cookie-based authentication credentials from an unsuspecting user.

Solution

Upgrade to YaBB Gold SP 1.3.2 or higher.