CVE-2005-0673

Published May 2, 2005

Last updated 16 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References