PT-2005-2209 · Phpbb · Phpbb
Papados +2
Published: 2005-05-16
Updated: 2017-07-11
CVE-2005-1193
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
phpBB versions prior to 2.0.15
Description
The issue allows remote attackers to execute arbitrary scripts via a BBcode tag with specific URI schemes, including javascript:, applet:, about:, activex:, chrome:, or script:. This is demonstrated using the URL tag in scripts such as viewtopic.php and privmsg.php.
Recommendations
For versions prior to 2.0.15, update to version 2.0.15 or later to resolve the issue. As a temporary workaround, consider disabling the bbencode_second_pass and make_clickable functions in bbcode.php until a patch is available. Restrict access to the URL tag in affected scripts to minimize the risk of exploitation.
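The scheme restriction described above is more robust as an allowlist than as a list of known-bad schemes. The following PHP is an added example, not phpBB's code or the 2.0.15 fix; the function names, the allowed-scheme list and the sample posts are assumptions constructed for illustration, and only the `[url=...]label[/url]` form is handled.

```php
<?php
// Added example, not phpBB code. The allowlist below is an assumption.
const ALLOWED_SCHEMES = ['http', 'https', 'ftp'];

// True only when $url is absolute and its scheme is on the allowlist.
function url_scheme_allowed(string $url): bool
{
    // Undo HTML escaping, then remove whitespace and control characters:
    // browsers strip tabs and newlines from URLs before parsing the scheme.
    $decoded = html_entity_decode($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $clean = preg_replace('/[\x00-\x20\x7f]+/', '', $decoded);
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $clean, $m)) {
        return false; // no recognisable scheme: reject rather than guess
    }
    return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true);
}

// Render [url=...]label[/url]; tags that fail the check stay as inert text.
function render_url_tags(string $post): string
{
    // Escape first so neither the URL nor the label can inject markup.
    $escaped = htmlspecialchars($post, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback(
        '/\[url=([^\]]+)\](.*?)\[\/url\]/is',
        function (array $m): string {
            if (!url_scheme_allowed($m[1])) {
                return $m[0]; // already escaped, shown as plain text
            }
            return '<a href="' . $m[1] . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $escaped
    );
}

// Constructed sample posts: one allowed link, three that must stay inert.
$samples = [
    '[url=https://www.phpbb.com/]phpBB[/url]',
    '[url=javascript:void(0)]link[/url]',
    "[url=java\tscript:void(0)]link[/url]",
    '[url=about:blank]link[/url]',
];
foreach ($samples as $post) {
    echo render_url_tags($post), PHP_EOL;
}
```

Only the first sample is rendered as an anchor; the other three are echoed back as escaped text because their schemes are not on the allowlist.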
Related identifiers
Affected products
Phpbb