lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <6130FAF67D15D411BF7100E01899071F866500@stork.mightyoaks.local> From: david.vincent at mightyoaks.com (David Vincent) Subject: New phpBB ViewTopic.php Cross Site Scriptin g Vulnerability (with fix) > On 02/28/04 Cheng Peng Su released the following Advisory: > > ################################################ > Advisory Name:New phpBB ViewTopic.php Cross Site Scripting > Vulnerability > Release Date: Feb 29,2004 > Application: phpBB > Platform: PHP > Version Affected: the lastest version > Vendor URL: http://www.phpbb.com/ > Discover: Cheng Peng Su(apple_soup_at_msn.com) > ################################################ > > Details: > ~ This vuln is similar to Arab VieruZ's advisory 'XSS bug in > phpBB',this time the problem is not in 'highlight' ,but in > 'postorder'.we can inject HTML code,such code could be used to steal > cookie information. exactly what version is this? they've released a new one as of March 01. http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=177594 new version is 2.0.6d. -d
Powered by blists - more mailing lists