Search...

phpBB admin_board.php Site Description Field XSS

2006-03-31T07:32:39

ID OSVDB:24354
Type osvdb
Reporter OSVDB
Modified 2006-03-31T07:32:39

Description

No description provided by the source

References:

Vendor URL: http://www.phpbb.com/ Related OSVDB ID: 24356 Related OSVDB ID: 24357 Related OSVDB ID: 24353 Related OSVDB ID: 24355 Other Advisory URL: http://osvdb.org/ref/24/24353-phpbb.txt CVE-2006-1775

JSON Vulners Source

Initial Source

{"type": "osvdb", "published": "2006-03-31T07:32:39", "href": "https://vulners.com/osvdb/OSVDB:24354", "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "18572dc8f4e5ca05f6a12fc3c37962a9"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "fab5fbba2577df4af0c1b06d1760e35b"}, {"key": "href", "hash": "b0b9a2c106ff25ab9deb2344b9199bb0"}, {"key": "modified", "hash": "03c498a2369e1702ffc1c9b0d80d00aa"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "03c498a2369e1702ffc1c9b0d80d00aa"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "2569f78587e6df1b5f78bd76eb36dd12"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/", "score": 4.3}, "viewCount": 3, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "OSVDB", "title": "phpBB admin_board.php Site Description Field XSS", "affectedSoftware": [], "enchantments": {"score": {"value": 5.4, "vector": "NONE", "modified": "2017-04-28T13:20:21"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-1775"]}, {"type": "osvdb", "idList": ["OSVDB:24355", "OSVDB:24356", "OSVDB:24357"]}], "modified": "2017-04-28T13:20:21"}, "vulnersScore": 5.4}, "references": [], "id": "OSVDB:24354", "hash": "f373c2d066164306c171ac743688b578b8b533acd9081627e52ca66fae71acfe", "lastseen": "2017-04-28T13:20:21", "cvelist": ["CVE-2006-1775"], "modified": "2006-03-31T07:32:39", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.phpbb.com/\n[Related OSVDB ID: 24356](https://vulners.com/osvdb/OSVDB:24356)\n[Related OSVDB ID: 24357](https://vulners.com/osvdb/OSVDB:24357)\n[Related OSVDB ID: 24353](https://vulners.com/osvdb/OSVDB:24353)\n[Related OSVDB ID: 24355](https://vulners.com/osvdb/OSVDB:24355)\nOther Advisory URL: http://osvdb.org/ref/24/24353-phpbb.txt\n[CVE-2006-1775](https://vulners.com/cve/CVE-2006-1775)\n"}

{"cve": [{"lastseen": "2019-05-29T18:08:32", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603.", "modified": "2008-09-05T21:02:00", "id": "CVE-2006-1775", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1775", "published": "2006-04-13T10:02:00", "title": "CVE-2006-1775", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.phpbb.com/\n[Related OSVDB ID: 24356](https://vulners.com/osvdb/OSVDB:24356)\n[Related OSVDB ID: 24353](https://vulners.com/osvdb/OSVDB:24353)\n[Related OSVDB ID: 24354](https://vulners.com/osvdb/OSVDB:24354)\n[Related OSVDB ID: 24355](https://vulners.com/osvdb/OSVDB:24355)\nOther Advisory URL: http://osvdb.org/ref/24/24353-phpbb.txt\n[CVE-2006-1775](https://vulners.com/cve/CVE-2006-1775)\n", "modified": "2006-03-31T07:32:39", "published": "2006-03-31T07:32:39", "href": "https://vulners.com/osvdb/OSVDB:24357", "id": "OSVDB:24357", "type": "osvdb", "title": "phpBB admin_ranks.php Rank Title Field XSS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.phpbb.com/\n[Related OSVDB ID: 24356](https://vulners.com/osvdb/OSVDB:24356)\n[Related OSVDB ID: 24357](https://vulners.com/osvdb/OSVDB:24357)\n[Related OSVDB ID: 24353](https://vulners.com/osvdb/OSVDB:24353)\n[Related OSVDB ID: 24354](https://vulners.com/osvdb/OSVDB:24354)\nOther Advisory URL: http://osvdb.org/ref/24/24353-phpbb.txt\n[CVE-2006-1775](https://vulners.com/cve/CVE-2006-1775)\n", "modified": "2006-03-31T07:32:39", "published": "2006-03-31T07:32:39", "href": "https://vulners.com/osvdb/OSVDB:24355", "id": "OSVDB:24355", "type": "osvdb", "title": "phpBB admin_groups.php New Group Multiple Field XSS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "description": "## Vulnerability Description\nphpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Theme Name' field upon submission to the admin_styles.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nphpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Theme Name' field upon submission to the admin_styles.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.phpbb.com/\n[Related OSVDB ID: 24357](https://vulners.com/osvdb/OSVDB:24357)\n[Related OSVDB ID: 24353](https://vulners.com/osvdb/OSVDB:24353)\n[Related OSVDB ID: 24354](https://vulners.com/osvdb/OSVDB:24354)\n[Related OSVDB ID: 24355](https://vulners.com/osvdb/OSVDB:24355)\nOther Advisory URL: http://osvdb.org/ref/24/24353-phpbb.txt\n[CVE-2006-1775](https://vulners.com/cve/CVE-2006-1775)\n", "modified": "2006-03-31T07:32:39", "published": "2006-03-31T07:32:39", "href": "https://vulners.com/osvdb/OSVDB:24356", "id": "OSVDB:24356", "type": "osvdb", "title": "phpBB admin_styles.php Theme Name Field XSS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}