CVE-2006-6421: XSS
First published: Sun Dec 10 2006(Updated: )
Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phpbb Group Phpbb | =2.0.5 | |
| Phpbb Group Phpbb | =2.0.21 | |
| Phpbb Group Phpbb | =2.0.7a | |
| Phpbb Group Phpbb | =2.0.20 | |
| Phpbb Group Phpbb | =2.0.8 | |
| Phpbb Group Phpbb | =2.0.11 | |
| Phpbb Group Phpbb | =2.0.1 | |
| Phpbb Group Phpbb | =2.0.13 | |
| Phpbb Group Phpbb | =2.0.16 | |
| Phpbb Group Phpbb | =2.0.3 | |
| Phpbb Group Phpbb | =2.0_rc2 | |
| Phpbb Group Phpbb | =2.0 | |
| Phpbb Group Phpbb | =2.0_rc1 | |
| Phpbb Group Phpbb | =2.0.19 | |
| Phpbb Group Phpbb | =2.0.4 | |
| Phpbb Group Phpbb | =2.0.12 | |
| Phpbb Group Phpbb | =2.0.9 | |
| Phpbb Group Phpbb | =2.0.7 | |
| Phpbb Group Phpbb | =2.0.8a | |
| Phpbb Group Phpbb | =2.0.6d | |
| Phpbb Group Phpbb | =2.0.2 | |
| Phpbb Group Phpbb | =2.0.14 | |
| Phpbb Group Phpbb | =2.0.10 | |
| Phpbb Group Phpbb | =2.0.6c | |
| Phpbb Group Phpbb | =2.0.15 | |
| Phpbb Group Phpbb | =2.0_rc4 | |
| Phpbb Group Phpbb | =2.0.6 | |
| Phpbb Group Phpbb | =2.0.0 | |
| Phpbb Group Phpbb | =2.0.17 | |
| Phpbb Group Phpbb | =2.0_rc3 | |
| Phpbb Group Phpbb | =2.0.18 | |
| Phpbb Group Phpbb | =2.0_beta1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/23283
- http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624
- http://www.securityfocus.com/bid/21806
- http://www.securityfocus.com/bid/22001
- http://securityreason.com/securityalert/2005
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30776
- http://www.securityfocus.com/archive/1/456784/100/100/threaded
- http://www.securityfocus.com/archive/1/456728/100/100/threaded
- http://www.securityfocus.com/archive/1/456579/100/0/threaded
- http://www.securityfocus.com/archive/1/453774/100/0/threaded
- collector/nvd-historical
- vendor/phpbb group
- product/phpbb
- canonical/phpbb group phpbb
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- version/phpbb group phpbb/2.0.5
- version/phpbb group phpbb/2.0.21
- version/phpbb group phpbb/2.0.7a
- version/phpbb group phpbb/2.0.20
- version/phpbb group phpbb/2.0.8
- version/phpbb group phpbb/2.0.11
- version/phpbb group phpbb/2.0.1
- version/phpbb group phpbb/2.0.13
- version/phpbb group phpbb/2.0.16
- version/phpbb group phpbb/2.0.3
- version/phpbb group phpbb/2.0_rc2
- version/phpbb group phpbb/2.0
- version/phpbb group phpbb/2.0_rc1
- version/phpbb group phpbb/2.0.19
- version/phpbb group phpbb/2.0.4
- version/phpbb group phpbb/2.0.12
- version/phpbb group phpbb/2.0.9
- version/phpbb group phpbb/2.0.7
- version/phpbb group phpbb/2.0.8a
- version/phpbb group phpbb/2.0.6d
- version/phpbb group phpbb/2.0.2
- version/phpbb group phpbb/2.0.14
- version/phpbb group phpbb/2.0.10
- version/phpbb group phpbb/2.0.6c
- version/phpbb group phpbb/2.0.15
- version/phpbb group phpbb/2.0_rc4
- version/phpbb group phpbb/2.0.6
- version/phpbb group phpbb/2.0.0
- version/phpbb group phpbb/2.0.17
- version/phpbb group phpbb/2.0_rc3
- version/phpbb group phpbb/2.0.18
- version/phpbb group phpbb/2.0_beta1