GLSA-200505-10 : phpBB: XSS Vulnerability

medium Nessus Plugin ID 18269

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200505-10 (phpBB: XSS Vulnerability).

phpBB is vulnerable to cross-site scripting due to improper sanitization of user-supplied input. Combined with poor validation of BBCode URLs, which may be included in a forum post, this means an unsuspecting user who follows a posted link may trigger the vulnerability.

Impact :

Successful exploitation of the vulnerability could cause arbitrary scripting code to be executed in the browser of a user.

Workaround :

There are no known workarounds at this time.

Solution

All phpBB users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose '>=www-apps/phpBB-2.0.15'

See Also

https://securitytracker.com/id?1013918

https://security.gentoo.org/glsa/200505-10

Plugin Details

Severity: Medium

ID: 18269

File Name: gentoo_GLSA-200505-10.nasl

Version: 1.23

Type: local

Published: 5/17/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:phpbb, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 5/14/2005

Reference Information

BID: 13344

GLSA: 200505-10