CVE-2004-2130

Name of the Vulnerable Software and Affected Versions phpBB version 2.0.6

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary script or HTML. The vulnerable parameters are the folder and mode variables.

Recommendations For phpBB version 2.0.6, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the privmsg.php file to minimize the risk of exploitation. Avoid using the folder and mode variables in the affected API endpoint until the issue is resolved.