Description
Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Ben Drysdale · textwebappsphp
https://www.exploit-db.com/exploits/23475
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107530946123822&w=2
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9290
Exploit, Patch, Vendor Advisory x_refsource_confirm
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=161943
Scores
EPSS
0.0729
EPSS Percentile
91.7%
Details
Status
published
Products (1)
phpbb_group/phpbb
2.0.6
Published
Dec 23, 2004
Tracked Since
Feb 18, 2026