CVE-2005-0673 — Cross-site Scripting in Group Phpbb

2 documents2 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 43.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpbb Group Phpbb

Timeline

PublishedMay 2

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDphpbb_group/phpbb2.0.13

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-p5wq-rq86-37rf: Cross-site scripting (XSS) vulnerability in usercp_register↗2022-05-01

▶