PHPBB URL Tag BBCode.PHP Vulnerability

info
discussion
exploit
solution
references

PHPBB URL Tag BBCode.PHP Vulnerability

The phpbb vendor reports that a critical vulnerability exists in the BBCode handling routines of the 'bbcode.php' script.

The bbcode [url] tag is not properly sanitized of user-supplied input. This could permit the injection of arbitrary HTML or script code into the browser of an unsuspecting user in the context of the affected site.