CVE-2004-0730

Name of the Vulnerable Software and Affected Versions PhpBB version 2.0.8

Description The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This is possible via the cat title parameter in "index.php", the faq[0][0] parameter in "lang faq.php" as accessible from "faq.php", or the faq[0][0] parameter in "lang bbcode.php" as accessible from "faq.php".

Recommendations For PhpBB version 2.0.8, consider disabling access to the vulnerable parameters cat title and faq[0][0] in the respective files until a patch is available. Restrict access to the "index.php", "lang faq.php", and "lang bbcode.php" files to minimize the risk of exploitation. Avoid using the cat title and faq[0][0] parameters in the affected API endpoints until the issue is resolved.