CVE-2006-1775

Name of the Vulnerable Software and Affected Versions phpBB version 2.0.19

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via several fields, including the Site Description field in admin board.php, the Group name and Group description fields in admin groups.php and groupcp.php, the Theme Name field in admin styles.php, and the Rank Title field in admin ranks.php.

Recommendations For phpBB version 2.0.19, update to a version that includes a fix for these XSS vulnerabilities to prevent remote attackers from injecting arbitrary web script or HTML. As a temporary workaround, consider restricting access to the affected fields, such as the Site Description field, Group name, Group description, Theme Name, and Rank Title fields, until a patch is available.