Lucene search
+L
Phpbb GroupPhpbb

19 matches found

cve
cve
added 2005/07/06 4:0 a.m.78 views

CVE-2005-2161

The CVE-2005-2161 entry covers a cross-site scripting (XSS) vulnerability in phpBB 2.0.16 that allows remote attackers to inject arbitrary script or HTML via nested [url] tags. Connected sources confirm phpBB2 exposure and the Debian security advisory DSA-768-1 (and related Debian/NVD entries) de...

4.3CVSS5.6AI score0.01228EPSS
cve
cve
added 2005/11/01 9:0 p.m.69 views

CVE-2005-3418

CVE-2005-3418 affects phpBB 2.0.17 and earlier: multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web scripts via (1) error_msg in usercp_register.php, (2) forward_page in login.php, or (3) list_cat in search.php—globals not initialized as variabl...

4.3CVSS5.5AI score0.01837EPSS
cve
cve
added 2005/05/27 4:0 a.m.66 views

CVE-2003-1215

CVE-2003-1215 describes an SQL injection in phpBB’s groupcp.php affecting 2.0.6 and earlier, exploitable via the sql_in parameter. This allows group moderators to perform unauthorized activities. The vulnerability is documented across multiple sources (NVD, CVE list, and Nessus plugin), with an e...

4.6CVSS7.5AI score0.00363EPSS
cve
cve
added 2005/03/07 5:0 a.m.64 views

CVE-2005-0673

CVE-2005-0673 affects phpBB 2.0.13 via Cross-site scripting in usercp_register.php, enabling remote attackers to inject arbitrary HTML/JS by manipulating (1) allowhtml, (2) allowbbcode, or (3) allowsmilies in signatures associated with privmsg.php or viewtopic.php. Documented impact is limited to...

4.3CVSS5.8AI score0.01896EPSS
cve
cve
added 2006/02/06 10:0 p.m.61 views

CVE-2006-0437

CVE-2006-0437 describes a cross‑site scripting (XSS) vulnerability in phpBB 2.0.19, specifically in admin_smilies.php. The issue allows remote attackers to inject arbitrary web script or HTML by supplying crafted values in the smile_url or smile_emotion parameters (via Javascript events like onmo...

4.3CVSS5.7AI score0.02241EPSS
Web
cve
cve
added 2006/09/13 11:0 p.m.61 views

CVE-2006-4758

CVE-2006-4758 affects phpBB 2.0.21 where an authenticated forum administrator can upload files by crafting the avatar_path parameter ending with .php%00. The vulnerability arises in the handling of pathnames ending in %00, enabling arbitrary file uploads. Public references in Debian OpenVAS entri...

4.6CVSS6.2AI score0.01584EPSS
Web
cve
cve
added 2006/04/13 10:0 a.m.60 views

CVE-2006-1775

CVE-2006-1775 affects phpBB 2.0.19 with multiple XSS vulnerabilities. The affected inputs are: (1) Site Description in admin_board.php, (2) Group name and (3) Group description in admin_groups.php and groupcp.php, (4) Theme Name in admin_styles.php, and (5) Rank Title in admin_ranks.php. The note...

4.3CVSS5.8AI score0.012EPSS
Web
cve
cve
added 2005/04/21 4:0 a.m.59 views

CVE-2001-1472

The CVE-2001-1472 entry describes a SQL injection in phpBB 1.4.0/1.4.1 through prefs.php via the viewemail parameter. This allows remote authenticated users to execute arbitrary SQL commands and gain administrative access. Affected: phpBB 1.4.0 and 1.4.1; vulnerability originates from the handlin...

4.6CVSS8.5AI score0.02578EPSS
cve
cve
added 2006/04/04 10:0 a.m.57 views

CVE-2006-1603

The CVE-2006-1603 entry concerns a Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, exploitable through the cur_password parameter in profile.php. The affected software is phpBB 2.0.19, and the vulnerability is triggered via user-supplied input that can inject arbitrary script/HTML into ...

4.3CVSS5.5AI score0.01328EPSS
cve
cve
added 2005/05/10 4:0 a.m.56 views

CVE-2004-2055

The CVE-2004-2055 issue affects phpBB

4.3CVSS6AI score0.01255EPSS
cve
cve
added 2005/06/28 4:0 a.m.54 views

CVE-2002-1894

CVE-2002-1894 describes a Cross-site scripting (XSS) vulnerability in phpBB 2.0.3, where the highlight parameter in viewtopic.php can be exploited to inject arbitrary script/HTML. Affected component: phpBB 2.0.3, file viewtopic.php. Root cause: insufficient input handling allowing script/HTML inj...

4.3CVSS6AI score0.0196EPSS
cve
cve
added 2005/04/16 4:0 a.m.53 views

CVE-2005-1115

CVE-2005-1115 refers to multiple XSS flaws in Photo Album 2.0.53 module for phpBB. The vulnerabilities arise when user-supplied input is not properly sanitized, allowing remote attackers to inject arbitrary script or HTML via the bsid parameter to the scripts album_cat.php and album_comment.php. ...

4.3CVSS5.8AI score0.0125EPSS
cve
cve
added 2005/04/16 4:0 a.m.53 views

CVE-2005-1116

CVE-2005-1116 is a documented XSS vulnerability in the phpBB Calendar module. The issue allows remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php. The affected component is the phpBB Calendar integration; the root cause is improper sanitizati...

4.3CVSS5.8AI score0.00963EPSS
cve
cve
added 2005/04/26 4:0 a.m.53 views

CVE-2005-1290

CVE-2005-1290 affects phpBB 2.0.14 and earlier. It has multiple XSS vulnerabilities allowing remote attackers to inject arbitrary script/HTML via: (1) the u parameter in profile.php, (2) the highlight parameter in viewtopic.php, and (3) the forumname or forumdesc parameters in admin_forums.php. T...

4.3CVSS5.8AI score0.01039EPSS
cve
cve
added 2005/05/27 4:0 a.m.51 views

CVE-2004-2130

CVE-2004-2130 affects phpBB 2.0.6. The described vulnerability is multiple cross-site scripting (XSS) in privmsg.php, exploitable via the (1) folder or (2) mode parameters, allowing remote attackers to have their HTML/Script executed in a victim’s browser. The sources consistently cite XSS in php...

4.3CVSS6.4AI score0.06538EPSS
cve
cve
added 2006/05/15 4:0 p.m.47 views

CVE-2006-2359

XSS vulnerability CVE-2006-2359 affects the phpBB Chart mod (charts.php) via the id parameter. The issue allows remote attackers to inject arbitrary script/HTML, with the note that it may stem from SQL injection. Base metrics indicate MEDIUM risk (CVSSv2: AV=N/AC=M/Au=N/C=N/I=P/A=N, base score 4....

4.3CVSS6.5AI score0.00995EPSS
cve
cve
added 2005/05/10 4:0 a.m.44 views

CVE-2004-1809

The CVE-2004-1809 issue affects phpBB 2.0.6d and earlier, where an XSS vulnerability exists in the web forum files ViewTopic.php and ViewForum.php. The underlying problem is that the (1) postdays parameter in viewtopic.php or (2) topicdays parameter in viewforum.php can be manipulated to inject a...

4.3CVSS5.7AI score0.01406EPSS
cve
cve
added 2006/01/05 7:0 p.m.42 views

CVE-2006-0063

CVE-2006-0063 affects phpBB 2.0.19, where enabling “Allowed HTML tags” permits cross-site scripting by injecting arbitrary script or HTML via a permitted tag using a single quote character and active attributes such as onmouseover; this is a variant of CVE-2005-4357. The available connected docum...

4.3CVSS5.7AI score0.01283EPSS
cve
cve
added 2005/03/26 5:0 a.m.41 views

CVE-2005-0872

Topic Calendar 1.0.1 for phpBB is affected. The vulnerability is a cross-site scripting (XSS) flaw in calendar_scheduler.php that allows remote attackers to inject arbitrary web script or HTML through the start parameter. This is documented in multiple sources (OpenVAS entry “Topic Calendar XSS” ...

4.3CVSS5.8AI score0.06402EPSS