CVE-2005-3310 — Interpretation Conflict in Group Phpbb

CWE-436 — Interpretation Conflict3 documents3 sources

Severity

3.5LOWNVD

EPSS

0.5%

top 32.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpbb Group Phpbb

Timeline

PublishedOct 26

Latest updateMay 1

Description

Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-…

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

▶NVDphpbb_group/phpbb2.0.17

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-94qp-2fqg-7mc4: Interpretation conflict in phpBB 2↗2022-05-01

▶

📐Framework References

CWE

Interpretation Conflict↗

▶