Re:[Advisory] phpBB 1.4.4 still suffers from Cross Site ScriptingVulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: <bugtraq@securityfocus.com>
Subject: Re:[Advisory] phpBB 1.4.4 still suffers from Cross Site ScriptingVulnerability
From: altomo <altomo@digitalgangsters.net>
Date: Thu, 28 Mar 2002 21:51:44 -0600 (CST)

Zeroforum is vuln to this as well. Notified a few weeks ago and heard 
nothing back.

>>After a similar bug was discovered in phpBB 1.4.2, the authors fixed the 
>>bug
>>with which JavaScript could inserted by using an [IMG] tag like:
>>
>>[img]javascript:alert('bla')[/img]

Prev by Date: Security Update: [CSSA-2002-008.0] Linux: CUPS buffer overflow when reading names of attributes
Next by Date: Anonymizer, MSIE, images ...
Previous by thread: Security Update: [CSSA-2002-008.0] Linux: CUPS buffer overflow when reading names of attributes
Next by thread: Anonymizer, MSIE, images ...
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux