Vulnerability Note VU#113196
phpBB contains an input validation vulnerability in "includes/bbcode.php"
phpBB fails to sanitize user input, allowing the possible inclusion of active script content in user posts.
phpBB is a widely used Open Source bulletin board package written in PHP.
An input validation issue has been identified that allows a malicious phpBB user to include active script code in a post.
Malicious users can post to phpBB bulletin boards and include active script code. For many users, that script code will be executed by their browsers, because active content is enabled by default in many popular browsers.
The flaw has been addressed in phpBB 2.0.15. For more information on the patch please see:
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| PHPBB | Affected | - | 12 May 2005 |
The phpBB development team thank PapaDos and Paul/Zhen-Xjell from CastleCops.
This document was written by Robert Mead.
- CVE IDs: Unknown
- Date Public: 08 May 2005
- Date First Published: 12 May 2005
- Date Last Updated: 12 May 2005
- Severity Metric: 10.24
- Document Revision: 9