Cross-site Scripting (XSS)
phpbb/phpbb is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the main function in acpicons.php does not adequately escape the smilies URL and does not prevent the use of a .pak filename, allowing an attacker to inject and execute malicious JavaScript...