CVE-2005-0673

Name of the Vulnerable Software and Affected Versions phpBB version 2.0.13

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved by setting the allowhtml, allowbbcode, or allowsmilies parameters to inject HTML into signatures for personal messages. The issue may be triggered when these messages are processed by certain scripts.

Recommendations For phpBB version 2.0.13, as a temporary workaround, consider disabling the use of allowhtml, allowbbcode, and allowsmilies parameters in usercp register.php to prevent HTML injection into signatures. Restrict access to usercp register.php, privmsg.php, and viewtopic.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.