Detections
Analytics

GLSA-200505-10 : phpBB: XSS Vulnerability

medium Nessus Plugin ID 18269

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200505-10 (phpBB: XSS Vulnerability)

 phpBB is vulnerable to a cross-site scripting vulnerability due to improper sanitization of user-supplied input. Coupled with poor validation of BBCode URLs which may be included in a forum post, an unsuspecting user may follow a posted link triggering the vulnerability.
 Impact :

 Successful exploitation of the vulnerability could cause arbitrary scripting code to be executed in the browser of a user.
 Workaround :

 There are no known workarounds at this time.

Solution

All phpBB users should upgrade to the latest version:
 emerge --sync emerge --ask --oneshot --verbose '>=www-apps/phpBB-2.0.15'

See Also

https://securitytracker.com/id?1013918

https://security.gentoo.org/glsa/200505-10

Plugin Details

Severity: Medium

ID: 18269

File Name: gentoo_GLSA-200505-10.nasl

Version: 1.24

Type: local

Published: 5/17/2005

Updated: 4/2/2025

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/o:gentoo:linux, p-cpe:/a:gentoo:linux:phpbb

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 5/14/2005

Reference Information

BID: 13344

GLSA: 200505-10