• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PHPBB BBCode IMG Tag Script Injection Vulnerability

phpBB is prone to a script injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input in bbcode '[IMG]' tags included in a user signature.

Successful exploitation of this vulnerability could permit the injection of arbitrary HTML or script code into the browser of an unsuspecting user in the context of the affected site.

This issue is reported to affect phpBB version 2.0.17; earlier versions may also be vulnerable.

This issue reportedly affects other applications utilizing bbcode. Currently vBulletin is also known to be affected by this vulnerability. This issue also affects punBB 1.2.6; other versions may also be vulnerable.