phpBB BBcode "url" Script Insertion Vulnerability - Website Hosting - VPS Hosting - Domain Registration Ireland :: Blacknight

niall · #1 (**permalink**) 28-07-05, 08:47 AM

Some vulnerabilities have been reported in phpBB. Some have unknown impacts, and another can be exploited by malicious people to conduct script insertion attacks.

1) Input passed to the BBcode "url" tag isn't properly sanitised before being used. This can be exploited to inject arbitrary script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed with the Microsoft Internet Explorer browser.

2) Some unspecified errors have unknown minor impacts.

The vulnerabilities have been reported in version 2.0.16. Prior versions may also be affected.

Solution:
Update to version 2.0.17.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Gallery EXIF Data Script Insertion Vulnerability	niall	Security Notices	0	26-08-05 09:58 AM
Coppermine Photo Gallery EXIF Data Script Insertion	niall	Security Notices	0	22-08-05 09:23 AM
PHP-Nuke "off-site Avatar" Script Insertion Vulner	niall	Security Notices	2	28-07-05 09:09 AM