Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: CGI abuses : XSS --> Category: infos

phpBB <= 2.0.18 Multiple Cross-Site Scripting Flaws Vulnerability Scan


Vulnerability Scan Summary
Checks for multiple cross-site scripting flaws in phpBB <= 2.0.18

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that is affected by
several flaws.

Description :

According to its version number, the remote installation of phpBB is
vulnerable to JavaScript injection through 'url' BBCode tags and, if
HTML tags are enabled, through HTML more generally. This may allow an
attacker to inject hostile JavaScript into the forum system in order to
steal cookie credentials or misrepresent site content. When the form is
submitted, the malicious JavaScript is incorporated into dynamically
generated content.

See also :

http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040204.html
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=352966

Solution :

Upgrade to phpBB version 2.0.19 or later.

Threat Level:

Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)


VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051
