Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

phpBB < 2.0.17 Nested BBCode URL Tags XSS

Low

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description

According to its banner, the remote host is running a version of phpBB that fails to sanitize BBCode containing nested URL tags, which enables attackers to cause arbitrary HTML and script code to be executed in a user's browser within the context of the affected site.

Solution

Upgrade to version 2.0.17 or higher.