CVE-2006-0063

phpBB 2.0.19 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357.

References (4)

[Exploit, Vendor Advisory] http://securityreason.com/achievement_securityalert/30

[Third Party Advisory, VDB Entry] http://www.osvdb.org/22672

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/0051

[Third Party Advisory] http://securityreason.com/securityalert/313

Scores

EPSS 0.0041

EPSS Percentile 60.9%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

phpbb_group/phpbb

Timeline

Published Jan 05, 2006

Tracked Since Feb 18, 2026