CVE-2005-1193
Published: May 16, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: URI scheme, as demonstrated using the URL tag.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 1014117 | vdb-entry, x_refsource_SECTRACK |
| VU#113196 | third-party-advisory, x_refsource_CERT-VN |
| 15298 | third-party-advisory, x_refsource_SECUNIA |
| 13545 | vdb-entry, x_refsource_BID |
| 20050508 phpbb 2.0.15 released - patches high critical vuln | mailing-list, x_refsource_FULLDISC |
| http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=288194 | x_refsource_CONFIRM |
| http://castlecops.com/t123194-.html | x_refsource_MISC |
| 20050507 phpbb 2.0.15 released - patches high critical vuln | mailing-list, x_refsource_BUGTRAQ |
| 1013918 | vdb-entry, x_refsource_SECTRACK |
| phpbb-url-bbcode-file-include(20574) | vdb-entry, x_refsource_XF |
| 16439 | vdb-entry, x_refsource_OSVDB |