Papados

**Name of the Vulnerable Software and Affected Versions** phpBB versions prior to 2.0.15 **Description** The issue allows remote attackers to execute arbitrary scripts via a BBcode tag with specific URI schemes, including `javascript:`, `applet:`, `about:`, `activex:`, `chrome:`, or `script:`. This is demonstrated using the URL tag in scripts such as viewtopic.php and privmsg.php. **Recommendations** For versions prior to 2.0.15, update to version 2.0.15 or later to resolve the issue. As a temporary workaround, consider disabling the `bbencode second pass` and `make clickable` functions in bbcode.php until a patch is available. Restrict access to the URL tag in affected scripts to minimize the risk of exploitation.