phpBB < 2.0.17 Nested BBCode URL Tags XSS
Severity: Low
Nessus Network Monitor Plugin ID 3051
Synopsis
The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description
According to its banner, the remote host is running a version of phpBB that fails to sanitize BBCode containing nested URL tags, which enables attackers to cause arbitrary HTML and script code to be executed in a user's browser within the context of the affected site.

Solution
Upgrade to version 2.0.17 or higher.