CVE-2005-4357 — Cross-site Scripting in Group Phpbb

CWE-79 — Cross-site Scripting4 documents2 sources

Severity

4.3MEDIUMNVD

NVD2.6

EPSS

1.4%

top 19.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpbb Group Phpbb

Timeline

PublishedDec 20

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDphpbb_group/phpbb2.0.18, 2.0.19+1

🔴Vulnerability Details

GHSA

GHSA-5r2g-q7h9-fvcv: Cross-site scripting (XSS) vulnerability in phpBB 2↗2022-05-01

▶

GHSA

GHSA-x2wh-mc38-3gh3: Cross-site scripting (XSS) vulnerability in phpBB 2↗2022-05-01

▶