AlphaOne Technology Support Forums
Welcome, Guest. Please login or register.
January 08, 2009, 03:14:47 AM

Login with username, password and session length
Search:     Advanced search
1733 Posts in 827 Topics by 5342 Members
Latest Member: hikslyypro
* Home Help Search Login Register
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  PhpBB Alerts  |  Topic: phpBB "BBCode" Processing Cross Site Scripting Vulnerability 0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: phpBB "BBCode" Processing Cross Site Scripting Vulnerability  (Read 1055 times)
Brad
SysAdmin
Tech Team
Hero Member
********
Offline Offline

Posts: 391



View Profile
phpBB "BBCode" Processing Cross Site Scripting Vulnerability
« on: July 19, 2005, 10:36:28 PM »
* Technical Description *

A vulnerability was identified in phpBB, which could be exploited by malicious users to conduct cross site scripting attacks. This flaw is due to an input validation error in the "includes/bbcode.php" script that does not properly filter a specially crafted "BBCode" URL, which may be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser.

 * Affected Products *

phpBB version 2.0.16 and prior

 * Solution *

Upgrade to phpBB version 2.0.17 :
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=308490

 * References *

http://www.frsirt.com/english/advisories/2005/1138
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=308490
Logged
Mambo Hosting Resources
Pages: [1] Go Up Print 
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  PhpBB Alerts  |  Topic: phpBB "BBCode" Processing Cross Site Scripting Vulnerability « previous next »
Jump to:  

Powered by MySQL Powered by PHP AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved. 		Valid XHTML 1.0! Valid CSS!