Summary
The remote host is running a version of phpBB older than 2.0.10.
phpBB contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate user-supplied input in the 'search_author' parameter.
This version is also vulnerable to an HTTP response splitting vulnerability, which permits the injection of CRLF characters into the HTTP headers.
Solution
Upgrade to 2.0.10 or later.
Severity
Classification
- CVE: CVE-2004-2054, CVE-2004-2055
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Related Vulnerabilities
- AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
- Apache Tomcat TroubleShooter Servlet Installed
- Apache Tomcat Login Constraints Security Bypass Vulnerability
- 12Planet Chat Server one2planet.infolet.InfoServlet XSS
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability