Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| phpBB Group | phpBB | 2.0.19 |
References
- http://osvdb.org/ref/24/24353-phpbb.txt
- http://www.osvdb.org/24354
- http://www.osvdb.org/24355
- http://www.osvdb.org/24356
- http://www.osvdb.org/24357
FAQ
What is CVE-2006-1775?
CVE-2006-1775 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Gro...
How severe is CVE-2006-1775?
CVE-2006-1775 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-1775?
Check the references section above for vendor advisories and patch information. Affected products include: phpBB Group phpBB.