phpBB "ucp.php" Cross Site Scripting Vulnerability

phpBB 'ucp.php' Cross Site Scripting Vulnerability

Verification: http://www.securityfocus.com/bid/33995/info
 

Bugtraq ID: 33995
Class: Input Validation Error
CVE:  
Remote: Yes
Local: No
Published: Mar 04 2009 12:00AM
Updated: Mar 06 2009 06:36PM
Credit: Dante90
Vulnerable: phpBB Group phpBB 3.0.4
phpBB Group phpBB 3.0.3
phpBB Group phpBB 3.0.2
phpBB Group phpBB 3.0.1
phpBB Group phpBB 3.0


 

phpBB is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

This issue affects phpBB 3.x; other versions may also be affected.

Solution:
Currently we are not aware of any vendor-supplied patches.

Back To Homepage

Hi there, I would like to thank Dean for the outstanding service I recently received. Dean was very thorough, explained to us in detail what was wrong with our computer,

Hello, Just a quick note to say thank you to Dean for his excellent customer service he provided during a recent computer problem we had.He was more than happy to answer any questions we had, and took the time to give us a full explanation in our...

Dean was on time and his computer diagnosis was spot on.The computer problem was fixed in a matter of minutes.Dean also noticed we had 4 computers in the house and set up our wireless router in the time he had left so we could share files.I can...