XMB Forum Software

[Security < 1.9.10] CVE-2006-1748

miqrogroove - 5-10-2021 at 12:05 AM

Bug Source: XMB 1.8 through 1.9.9

Symptoms: ActionScript compromise (XSS)

Security Impact: High

ID: CVE-2006-1748

Fixed By: XMB 1.9.10 and later are not affected.

Discussion:

In 2006, a CVE was assigned to a public exploit against XMB relating to Flash technology. XMB staff found this information through the National Vulnerability Database in 2008 and determined that XMB versions starting with 1.8 contained an unfiltered BBCode feature named "flash". This feature allowed arbitrary content to be injected inline with the body of any message or post, which would enable users and spammers to reveal private information and to misdirect other users. The Flash BBCode was removed permanently from XMB in version 1.9.10 to prevent anyone from using this feature. This change was also available in a service pack for version 1.9.8.

Recommendations: