{"cve": [{"lastseen": "2016-09-03T06:46:43", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603.", "modified": "2008-09-05T17:02:48", "published": "2006-04-13T06:02:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1775", "id": "CVE-2006-1775", "title": "CVE-2006-1775", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.phpbb.com/\n[Related OSVDB ID: 24356](https://vulners.com/osvdb/OSVDB:24356)\n[Related OSVDB ID: 24353](https://vulners.com/osvdb/OSVDB:24353)\n[Related OSVDB ID: 24354](https://vulners.com/osvdb/OSVDB:24354)\n[Related OSVDB ID: 24355](https://vulners.com/osvdb/OSVDB:24355)\nOther Advisory URL: http://osvdb.org/ref/24/24353-phpbb.txt\n[CVE-2006-1775](https://vulners.com/cve/CVE-2006-1775)\n", "modified": "2006-03-31T07:32:39", "published": "2006-03-31T07:32:39", "href": "https://vulners.com/osvdb/OSVDB:24357", "id": "OSVDB:24357", "type": "osvdb", "title": "phpBB admin_ranks.php Rank Title Field XSS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "description": "## Vulnerability Description\nphpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Theme Name' field upon submission to the admin_styles.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nphpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Theme Name' field upon submission to the admin_styles.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.phpbb.com/\n[Related OSVDB ID: 24357](https://vulners.com/osvdb/OSVDB:24357)\n[Related OSVDB ID: 24353](https://vulners.com/osvdb/OSVDB:24353)\n[Related OSVDB ID: 24354](https://vulners.com/osvdb/OSVDB:24354)\n[Related OSVDB ID: 24355](https://vulners.com/osvdb/OSVDB:24355)\nOther Advisory URL: http://osvdb.org/ref/24/24353-phpbb.txt\n[CVE-2006-1775](https://vulners.com/cve/CVE-2006-1775)\n", "modified": "2006-03-31T07:32:39", "published": "2006-03-31T07:32:39", "href": "https://vulners.com/osvdb/OSVDB:24356", "id": "OSVDB:24356", "type": "osvdb", "title": "phpBB admin_styles.php Theme Name Field XSS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.phpbb.com/\n[Related OSVDB ID: 24356](https://vulners.com/osvdb/OSVDB:24356)\n[Related OSVDB ID: 24357](https://vulners.com/osvdb/OSVDB:24357)\n[Related OSVDB ID: 24353](https://vulners.com/osvdb/OSVDB:24353)\n[Related OSVDB ID: 24354](https://vulners.com/osvdb/OSVDB:24354)\nOther Advisory URL: http://osvdb.org/ref/24/24353-phpbb.txt\n[CVE-2006-1775](https://vulners.com/cve/CVE-2006-1775)\n", "modified": "2006-03-31T07:32:39", "published": "2006-03-31T07:32:39", "href": "https://vulners.com/osvdb/OSVDB:24355", "id": "OSVDB:24355", "type": "osvdb", "title": "phpBB admin_groups.php New Group Multiple Field XSS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}