PhpBB <= 2.0.18 Multiple Cross-Site Scripting Flaws Network Vulnerability

Summary

The remote web server contains a PHP application that is affected by several flaws. Description : According to its version number, the remote version of this software is vulnerable to Javascript injection issues using 'url' bbcode tags and, if HTML tags are enabled, HTML more generally. This may allow an attacker to inject hostile Javascript into the forum system, to steal cookie credentials or misrepresent site content. When the form is submitted the malicious Javascript will be incorporated into dynamically generated content.

Solution

Upgrade to phpBB version 2.0.19 or later.

References

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=352966

Updated on 2017-03-28

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apple Safari Multiple Vulnerabilities
Adobe JRun Management Console Multiple Vulnerabilities
Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
Advanced Image Hosting Cross Site Scripting Vulnerability
An Image Gallery Directory Traversal Vulnerability

phpBB <= 2.0.18 Multiple Cross-Site Scripting Flaws

Take action and discover your vulnerabilities