CVE-2004-0339 — Cross-site Scripting in Group Phpbb

2 documents2 sources

Severity

6.8MEDIUMNVD

EPSS

0.8%

top 25.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpbb Group Phpbb

Timeline

PublishedNov 23

Latest updateApr 29

Description

Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDphpbb_group/phpbb9 versions+8

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-2w6p-9jq8-5xfq: Cross-site scripting (XSS) vulnerability in ViewTopic↗2022-04-29

▶