Family: CGI abuses --> Category: attack
phpBB < 2.0.22 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Tries to pass a 'bad' redirect in via phpBB
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is affected by
The version of phpBB installed on the remote host fails to properly
block 'bad' redirection targets. In addition, it reportedly contains
a non-persistent cross-site scripting flaw involving its private
messaging functionality and several other issues. At a minimum, a
remote attacker can leverage these flaws to launch cross-site
scripting attacks against the affected application.
See also :
Upgrade to phpBB 2.0.22 or later.
High / CVSS Base Score : 7
Click HERE for more information and discussions on this network vulnerability scan.