Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2006-0437
Last Modified: 07 Mar 2011 09:30:02
Published: 06 Feb 2006 05:02:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2006-0437

Summary

Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via JavaScript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters.

Vulnerable Systems

Application

  • Phpbb Group Phpbb 2.0.10

  • Phpbb Group Phpbb 2.0.11

  • Phpbb Group Phpbb 2.0.12

  • Phpbb Group Phpbb 2.0.13

  • Phpbb Group Phpbb 2.0.14

  • Phpbb Group Phpbb 2.0.15

  • Phpbb Group Phpbb 2.0.16

  • Phpbb Group Phpbb 2.0.17

  • Phpbb Group Phpbb 2.0.18

  • Phpbb Group Phpbb 2.0.19

  • Phpbb Group Phpbb 2.0.6c

  • Phpbb Group Phpbb 2.0.6d

  • Phpbb Group Phpbb 2.0.7

  • Phpbb Group Phpbb 2.0.7a

  • Phpbb Group Phpbb 2.0.8

  • Phpbb Group Phpbb 2.0.8a

  • Phpbb Group Phpbb 2.0.9


References

XF - phpbb-referer-header-http-xss(24497)

VUPEN - ADV-2006-0445

OSVDB - 22928

SREASONRES - 20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin

SECUNIA - 18693

SREASON - 406


Last Updated: 27 May 2016 10:41:39