CVE-2005-3418

Name of the Vulnerable Software and Affected Versions phpBB versions 2.0.17 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the error msg parameter to "usercp register.php", the forward page parameter to "login.php", and the list cat parameter to "search.php", which are not initialized as variables.

Recommendations For phpBB versions 2.0.17 and earlier, update to a version later than 2.0.17 to resolve the issue. As a temporary workaround, consider restricting access to the affected parameters error msg, forward page, and list cat in the respective API endpoints "usercp register.php", "login.php", and "search.php" until a patch is available.