Bugtraq mailing list archives

Re:[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability

From: altomo <altomo () digitalgangsters net>
Date: Thu, 28 Mar 2002 21:51:44 -0600 (CST)

Zeroforum is vuln to this as well. Notified a few weeks ago and heard 
nothing back.

After a similar bug was discovered in phpBB 1.4.2, the authors fixed the 
bug
with which JavaScript could inserted by using an [IMG] tag like:

[img]javascript:alert('bla')[/img]

Current thread:

[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability Florian Hobelsberger / BlueScreen (Mar 27)
- <Possible follow-ups>
- Re:[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability altomo (Mar 29)