XMB Forum Software

[Security < 1.9.10] CVE-2006-1748

miqrogroove - 5-10-2021 at 12:05 AM

Bug Source: XMB 1.8 through 1.9.9

Symptoms: ActionScript compromise (XSS)

Security Impact: High

ID: CVE-2006-1748

Fixed By: XMB 1.9.10 and later are not affected.


In 2006, a CVE was assigned to a public exploit against XMB relating to Flash technology. XMB staff found this information through the National Vulnerability Database in 2008, and determined XMB versions starting with 1.8 contained an unfiltered BBCode feature named "flash". This feature allowed arbitrary content to be injected inline with the body of any message or post, which would enable users and spammers to reveal private information and to misdirect other users. The Flash BBCode was removed permanently from XMB in version 1.9.10 to prevent anyone from using this feature. This change was also available in a service pack for version 1.9.8.