GLSA-200505-10 : phpBB: XSS Vulnerability

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200505-10
(phpBB: XSS Vulnerability)

phpBB is vulnerable to a cross-site scripting vulnerability due to
improper sanitization of user-supplied input. Because BBCode URLs, which
may be included in a forum post, are also poorly validated, an
unsuspecting user who follows a posted link may trigger the
vulnerability.

Impact :

Successful exploitation of the vulnerability could cause arbitrary
scripting code to be executed in the browser of a user.

Workaround :

There are no known workarounds at this time.

See also :

http://securitytracker.com/id?1013918
http://www.gentoo.org/security/en/glsa/glsa-200505-10.xml

Solution :

All phpBB users should upgrade to the latest version:
    emerge --sync
    emerge --ask --oneshot --verbose '>=www-apps/phpBB-2.0.15'

Risk factor :

Medium

Family: Gentoo Local Security Checks

Nessus Plugin ID: 18269 (gentoo_GLSA-200505-10.nasl)

Bugtraq ID: 13344

CVE ID: