CVE-2006-6421

phpBB 2.0.x - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Demential · htmlwebappsphp

https://www.exploit-db.com/exploits/29442

View Code ZIP pw:eip

References (10)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/30776

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/456579/100/0/threaded

[Various Sources] http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/456728/100/100/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/22001

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/21806

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/456784/100/100/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/453774/100/0/threaded

[Third Party Advisory] http://secunia.com/advisories/23283

[Third Party Advisory] http://securityreason.com/securityalert/2005

Scores

EPSS 0.0227

EPSS Percentile 84.7%

Details

Status published

Products (32)

phpbb_group/phpbb 2.0

phpbb_group/phpbb 2.0.0

phpbb_group/phpbb 2.0.1

phpbb_group/phpbb 2.0.2

phpbb_group/phpbb 2.0.3

phpbb_group/phpbb 2.0.4

phpbb_group/phpbb 2.0.5

phpbb_group/phpbb 2.0.6

phpbb_group/phpbb 2.0.6c

phpbb_group/phpbb 2.0.6d

... and 22 more

Published Dec 10, 2006

Tracked Since Feb 18, 2026