Phpbb Security Vulnerabilities and Issues — Phpbb CVE List

Lucene search

Phpbb GroupPhpbb

19 matches found

CVE•added 2005/11/01 9:2 p.m.•55 views

CVE-2005-3418

Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not init...

4.3CVSS5.5AI score0.01451EPSS

CVE•added 2005/07/06 4:0 a.m.•53 views

CVE-2005-2161

Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags.

4.3CVSS5.6AI score0.00335EPSS

CVE•added 2005/05/27 4:0 a.m.•49 views

CVE-2003-1215

SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.

4.6CVSS7.5AI score0.00062EPSS

CVE•added 2006/09/13 11:7 p.m.•47 views

CVE-2006-4758

phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.

4.6CVSS6.2AI score0.01865EPSS

CVE•added 2006/02/06 10:2 p.m.•46 views

CVE-2006-0437

Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "" characters.

4.3CVSS5.7AI score0.00747EPSS

CVE•added 2005/04/21 4:0 a.m.•43 views

CVE-2001-1472

SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.

4.6CVSS8.5AI score0.00835EPSS

CVE•added 2005/05/02 4:0 a.m.•43 views

CVE-2005-0673

Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are ...

4.3CVSS5.8AI score0.00335EPSS

CVE•added 2006/04/13 10:2 a.m.•43 views

CVE-2006-1775

Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme...

4.3CVSS5.8AI score0.00527EPSS

CVE•added 2005/05/10 4:0 a.m.•42 views

CVE-2004-2055

Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the search_author parameter.

4.3CVSS6AI score0.00444EPSS

CVE•added 2005/06/28 4:0 a.m.•40 views

CVE-2002-1894

Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.

4.3CVSS6AI score0.00409EPSS

CVE•added 2005/05/02 4:0 a.m.•38 views

CVE-2005-1115

Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php.

4.3CVSS5.8AI score0.00409EPSS

CVE•added 2005/05/02 4:0 a.m.•38 views

CVE-2005-1116

Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php.

4.3CVSS5.8AI score0.00297EPSS

CVE•added 2005/05/02 4:0 a.m.•37 views

CVE-2005-1290

Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php.

4.3CVSS5.8AI score0.00351EPSS

CVE•added 2006/04/04 10:4 a.m.•37 views

CVE-2006-1603

Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

4.3CVSS5.5AI score0.00527EPSS

CVE•added 2005/05/27 4:0 a.m.•35 views

CVE-2004-2130

Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables.

4.3CVSS6.4AI score0.06371EPSS

CVE•added 2006/05/15 4:6 p.m.•35 views

CVE-2006-2359

Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection.

4.3CVSS6.5AI score0.00558EPSS

CVE•added 2005/05/10 4:0 a.m.•32 views

CVE-2004-1809

Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php.

4.3CVSS5.7AI score0.00558EPSS

CVE•added 2005/05/02 4:0 a.m.•30 views

CVE-2005-0872

Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter.

4.3CVSS5.8AI score0.01856EPSS

CVE•added 2006/01/05 7:3 p.m.•28 views

CVE-2006-0063

Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357.

4.3CVSS5.7AI score0.01415EPSS