CVE-2004-0730 — Cross-site Scripting in Group Phpbb

2 documents2 sources

Severity

6.8MEDIUMNVD

EPSS

1.6%

top 18.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpbb Group Phpbb

Timeline

PublishedJul 27

Latest updateApr 29

Description

Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDphpbb_group/phpbb2.0.8, 2.0.8a+1

🔴Vulnerability Details

GHSA

GHSA-vr3f-4g9q-55vj: Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2↗2022-04-29

▶