|
phpBB profile.php avatarselect Cross-Site Scripting Vulnerability
It has been reported that phpBB may be prone to a cross-site scripting vulnerability that may allow an attacker to execute arbitrary HTML or script code in a user's browser. The issue exists due to insufficient sanitization of user-supplied input via the 'avatarselect' form parameter of 'profile.php' script. phpBB 2.0.6d has been reported to be prone to this issue, however, other versions could be affected as well. |
|
|
Privacy Statement |
