ID CVE-2005-4357
Summary Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover.
References
Vulnerable Configurations
  • cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 19-10-2018 - 15:40)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:N/I:P/A:N
refmap via4
bugtraq 20051230 phpbb2.0.19 fixes security issues
confirm http://www.phpbb.com/phpBB/viewtopic.php?t=352966
fulldisc 20051217 phpBB 2.0.18 XSS and Full Path Disclosure
misc http://securityreason.com/securityalert/269
osvdb 21803
secunia
  • 18125
  • 18252
sreasonres 20051217 phpBB 2.0.18 XSS and Full Path Disclosure
vupen
  • ADV-2005-2991
  • ADV-2006-0010
Last major update 19-10-2018 - 15:40
Published 20-12-2005 - 01:03
Last modified 19-10-2018 - 15:40
Back to Top