CVE-2005-4357

Name of the Vulnerable Software and Affected Versions phpBB version 2.0.18

Description The issue is related to a cross-site scripting (XSS) vulnerability. When the "Allowed HTML tags" option is enabled, remote attackers can inject arbitrary Javascript code via permitted HTML tags that contain quote characters and active attributes, such as onmouseover.

Recommendations For phpBB version 2.0.18, consider disabling the "Allowed HTML tags" option to prevent the injection of malicious Javascript code until a patch is available. Restrict access to HTML tags with active attributes to minimize the risk of exploitation.