I ran it YEARS ago on CF5 and MX6. I can't speak for the current version, but the CFBB code sucked. Modifying it was a pain. No variables were locked anywhere, and I'm including the session and application scopes.
In its favor, it did work pretty much out of the box. And, for all I know, they may have shiny, new, pretty efficient, and well-laid-out code since then.

As for XSS attacks.... I'm honestly not too familiar with them, although I admit I should be. My understanding is that, basically, someone embeds a script in your page (via a MySpace comment, forum post, etc.) that rewrites part of your page. It can, for example, redirect forms by overwriting the action on the form. Someone else can probably give better information, though.

--Ben Doom

NUGROHO NOTO wrote:
> Hi,
> Can anyone share their thoughts about this forum? (cfbb by adersoftware)
> www.adersoftware.com/index.cfm?page=cfbb
> This is the only forum which can run on CF5 so far..
>
> I am still using CF5, so.. cannot use cfmbb or galleon.
> I just need a basic forum, so cfbb is enough for me I think.
> I am just afraid to use this forum (cfbb) because I have read in some google
> article about a reported vulnerability in AderSoftware CFBB, which can
> be exploited by malicious people to conduct cross-site scripting
> attacks.
> I don't really understand the meaning of the above cross-site scripting attacks.
> Is it dangerous?
> Thanks.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:288836