VULHUB ™

YaBB is reported prone to a JavaScript injection vulnerability. It is reported that the BBCode 'shadow' tag is not sufficiently sanitized of malicious script content. An attacker that has an account on the affected bulletin board may exploit this vulnerability to inject arbitrary JavaScript code into forum posts through the 'shadow' tag.

YaBB is reported prone to a JavaScript injection vulnerability. It is reported that the BBCode 'shadow' tag is not sufficiently sanitized of malicious script content. An attacker that has an account on the affected bulletin board may exploit this vulnerability to inject arbitrary JavaScript code into forum posts through the 'shadow' tag.