GLSA-200505-10 : phpBB: XSS Vulnerability

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200505-10
(phpBB: XSS Vulnerability)

phpBB is vulnerable to a cross-site scripting vulnerability due to
improper sanitization of user-supplied input. Coupled with poor
validation of BBCode URLs which may be included in a forum post, an
unsuspecting user may follow a posted link triggering the

Impact :

Successful exploitation of the vulnerability could cause arbitrary
scripting code to be executed in the browser of a user.

Workaround :

There are no known workarounds at this time.

See also :

Solution :

All phpBB users should upgrade to the latest version:

    emerge --sync
    emerge --ask --oneshot --verbose '>=www-apps/phpBB-2.0.15'

Risk factor :


Family: Gentoo Local Security Checks

Nessus Plugin ID: 18269 (gentoo_GLSA-200505-10.nasl)

Bugtraq ID: 13344