phpBB fails to sanitize user input, allowing the possible inclusion of active script content in user posts.
phpBB is a widely used Open Source bulletin board package written in PHP.
An input validation issue has been identified that allows a malicious phpBB user to include active script code in a post.
Malicious users can post to phpBB bulletin boards and include active script code. For many users, the active script code will be executed by their browsers, because active content is enabled by default in many popular browsers.
The flaw has been addressed in phpBB 2.0.15. For more information on the patch please see:
The phpBB development team thank PapaDos and Paul/Zhen-Xjell from CastleCops
This document was written by Robert Mead.
Date First Published: 2005-05-12
Date Last Updated: 2005-05-12 20:14 UTC