CVE-2005-1193

The bbencodesecondpass and makeclickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a 1 javascript:, 2 applet:, 3 about:, 4 activex:, 5 chrome:, or 6 script: UR...

CVE-2005-1404

MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the 1 nbuser parameter to post.php or 2 sender parameter to privmsg.php...

CVE-2005-1404

MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the 1 nbuser parameter to post.php or 2 sender parameter to privmsg.php...

CVE-2005-0673

Cross-site scripting XSS vulnerability in usercpregister.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the 1 allowhtml, 2 allowbbcode, or 3 allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are process...

CVE-2005-0673

Cross-site scripting XSS vulnerability in usercpregister.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the 1 allowhtml, 2 allowbbcode, or 3 allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are process...

phpBB 2.0.6 - 'privmsg.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/9290/info phpBB is prone to a cross-site scripting vulnerability in the 'privmsg.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via URI parameters. This input will be included in...

phpBB 2.0.6 - privmsg.php Cross-Site Scripting

phpBB 2.0.6 - privmsg.php Cross-Site Scripting source: https://www.securityfocus.com/bid/9290/info phpBB is prone to a cross-site scripting vulnerability in the 'privmsg.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via URI...