Executive Summary
| Summary | |
|---|---|
| Title | New phpbb2 packages fix cross-site scripting |
| Informations | |||
|---|---|---|---|
| Name | DSA-768 | First vendor Publication | 2005-07-27 |
| Vendor | Debian | Last vendor Modification | 2005-07-27 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A cross-site scripting vulnerability has been detected in phpBB2, a fully featured and skinneable flat webforum software, that allows remote attackers to inject arbitrary web script or HTML via nested tags. The old stable distribution (woody) does not contain phpbb2. For the stable distribution (sarge) this problem has been fixed in version 2.0.13-6sarge1. For the unstable distribution (sid) this problem has been fixed in version 2.0.13-6sarge1. We recommend that you upgrade your phpbb2 packages. |
Original Source
| Url : http://www.debian.org/security/2005/dsa-768 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 768-1 (phpbb2) File : nvt/deb_768_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 17888 | phpBB Nested url BBCode Tag XSS phpBB contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate nested [URL] tags for arbitrary HTML or web script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2005-07-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-768.nasl - Type : ACT_GATHER_INFO |
| 2005-07-06 | Name : The remote web server contains a PHP application affected by a cross- site sc... File : phpbb_2_0_16.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:34:12 |
|
