admin
07-21-2005, 12:55 AM
phpBB
http://www.phpbb.com
July 20, 2005
http://securityfocus.com/bid/14151/info
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=308490
Description:
phpBB is prone to a script injection vulnerability. This issue is due to
a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the
affected site. This may facilitate the theft of cookie-based
authentication credentials as well as other attacks.
Solution:
The vendor has addressed this issue in phpBB version 2.0.17
References:
* phpBB 2.0.17 released (phpBB Group)
* phpBB Homepage (phpBB)
* [Full-disclosure] XSS in nested tag in phpbb 2.0.16 ("alex" )
http://www.phpbb.com
July 20, 2005
http://securityfocus.com/bid/14151/info
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=308490
Description:
phpBB is prone to a script injection vulnerability. This issue is due to
a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the
affected site. This may facilitate the theft of cookie-based
authentication credentials as well as other attacks.
Solution:
The vendor has addressed this issue in phpBB version 2.0.17
References:
* phpBB 2.0.17 released (phpBB Group)
* phpBB Homepage (phpBB)
* [Full-disclosure] XSS in nested tag in phpbb 2.0.16 ("alex" )