CVE-2005-1290

Published: May 2, 2005Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php.

Affected (16)

Products: Phpbb Group: Phpbb

Phpbb Group

1 product

Phpbb

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Phpbb Group Phpbb	Version 2.0.0
Phpbb Group Phpbb	Version 2.0.10
Phpbb Group Phpbb	Version 2.0.11
Phpbb Group Phpbb	Version 2.0.12
Phpbb Group Phpbb	Version 2.0.13
Phpbb Group Phpbb	Version 2.0.14
Phpbb Group Phpbb	Version 2.0.1
Phpbb Group Phpbb	Version 2.0.2
Phpbb Group Phpbb	Version 2.0.3
Phpbb Group Phpbb	Version 2.0.4
Phpbb Group Phpbb	Version 2.0.5
Phpbb Group Phpbb	Version 2.0.6
Phpbb Group Phpbb	Version 2.0.7
Phpbb Group Phpbb	Version 2.0.8
Phpbb Group Phpbb	Version 2.0.8a
Phpbb Group Phpbb	Version 2.0.9

References (4)

http://marc.info/?l=bugtraq&m=111428283721756&w=2

Source: cve@mitre.org

http://neosecurityteam.net/Advisories/Advisory-14.txt

Source: cve@mitre.org

Exploit

http://marc.info/?l=bugtraq&m=111428283721756&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://neosecurityteam.net/Advisories/Advisory-14.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.