xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables, which allows remote attackers to modify arbitrary server variables such as _SERVER[REMOTE_ADDR].
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 79.3%