[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CSS in phpBB 1.4.4

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: CSS in phpBB 1.4.4
From: "Paul Owen" <paul@xxxxxxxxxxx>
Date: Wed, 15 Dec 2004 22:15:33 -0000

 > phpBB 1.4.4 is vulnerable to Cross Site Scripting Attack.
> 
> [Vulnerable]
> 
> You can put vbscript in [img] bbcode tags.
> For example:
> 
> [img]vbscript: alert(document.cookie)[/img]

phpBB 1.x hasn't been supported for over two years. All users of phpBB
1.x have been long advised to switch to phpBB 2.x or other system (as
they see fit).

psoTFX - phpbb.com

Prev by Date: MDKSA-2004:150 - Updated kdelibs and kdebase packages fix vulnerability
Next by Date: Re: Linux kernel IGMP vulnerabilities
Previous by thread: CSS in phpBB 1.4.4
Next by thread: Cisco Security Advisory: Default Administrative Password in Cisco Guard and Traffic Anomaly Detector
Index(es):
- Date
- Thread