This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.
A remote web application is vulnerable to cross-site scripting.
The remote host is running a version of phpBB older than 2.0.10.
phpBB contains a flaw that allows a remote cross-site scripting attack.
This flaw exists because the application does not validate user-supplied
input in the 'search_author' parameter.
This version is also vulnerable to an HTTP response splitting attack
that permits the injection of CRLF characters in the HTTP headers.
Upgrade to 2.0.10 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 13840 ()
Bugtraq ID: 10738107531075410883
CVE ID: CVE-2004-0730CVE-2004-2054CVE-2004-2055
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.