ID CVE-2006-6421
Summary Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user.
References
Vulnerable Configurations
  • cpe:2.3:a:phpbb_group:phpbb:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*
  • cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*
CVSS
Base: 6.0 (as of 17-10-2018 - 21:48)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: SINGLE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:P
refmap via4
bid
  • 21806
  • 22001
bugtraq
  • 20061207 phpbb 2.0.x [xss]
  • 20070111 Re: phpBB (privmsg.php) XSS Exploit
  • 20070111 phpBB (privmsg.php) XSS Exploit
  • 20070112 Re: phpBB (privmsg.php) XSS Exploit
confirm http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624
secunia 23283
sreason 2005
xf phpbb-privmsgphp-xss(30776)
Last major update 17-10-2018 - 21:48
Published 10-12-2006 - 11:28
Last modified 17-10-2018 - 21:48