GLSA-200505-10 : phpBB: XSS Vulnerability

Medium Nessus Plugin ID 18269


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-200505-10 (phpBB: XSS Vulnerability)

phpBB is vulnerable to a cross-site scripting vulnerability due to improper sanitization of user-supplied input. Combined with poor validation of BBCode URLs, which may be included in a forum post, this means an unsuspecting user who follows a posted link may trigger the vulnerability.

Impact:

Successful exploitation of the vulnerability could cause arbitrary scripting code to be executed in the browser of a user.

Workaround:

There are no known workarounds at this time.


All phpBB users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose '>=www-apps/phpBB-2.0.15'

Plugin Details

Severity: Medium

ID: 18269

File Name: gentoo_GLSA-200505-10.nasl

Version: $Revision: 1.18 $

Type: local

Published: 2005/05/17

Modified: 2016/11/11

Dependencies: 12634

Risk Information

Risk Factor: Medium

Temporal Vector: CVSS2#E:ND/RL:U/RC:ND

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:phpBB, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 2005/05/14

Vulnerability Publication Date: 2005/05/09

Reference Information

BID: 13344

OSVDB: 16439

GLSA: 200505-10