Detections
Analytics
CVE-2005-4357
medium
Description
Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover.
References
http://www.vupen.com/english/advisories/2006/0010
http://www.vupen.com/english/advisories/2005/2991
http://www.securityfocus.com/archive/1/420537/100/0/threaded
http://www.phpbb.com/phpBB/viewtopic.php?t=352966
http://securityreason.com/achievement_securityalert/29
http://secunia.com/advisories/18252