CVE-2005-3418

Published: Nov 1, 2005Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables.

Affected (27)

Products: Phpbb Group: Phpbb

1 product

Configuration A

27 vulnerable

Vulnerable Software	Affected Versions
Phpbb Group Phpbb	Version 2.0.0
Phpbb Group Phpbb	Version 2.0.10
Phpbb Group Phpbb	Version 2.0.11
Phpbb Group Phpbb	Version 2.0.12
Phpbb Group Phpbb	Version 2.0.13
Phpbb Group Phpbb	Version 2.0.14
Phpbb Group Phpbb	Version 2.0.15
Phpbb Group Phpbb	Version 2.0.16
Phpbb Group Phpbb	Version 2.0.17
Phpbb Group Phpbb	Version 2.0.1
Phpbb Group Phpbb	Version 2.0.2
Phpbb Group Phpbb	Version 2.0.3
Phpbb Group Phpbb	Version 2.0.4
Phpbb Group Phpbb	Version 2.0.5
Phpbb Group Phpbb	Version 2.0.6
Phpbb Group Phpbb	Version 2.0.6c
Phpbb Group Phpbb	Version 2.0.6d
Phpbb Group Phpbb	Version 2.0.7
Phpbb Group Phpbb	Version 2.0.7a
Phpbb Group Phpbb	Version 2.0.8
Phpbb Group Phpbb	Version 2.0.8a
Phpbb Group Phpbb	Version 2.0.9
Phpbb Group Phpbb	Version 2.0_beta1
Phpbb Group Phpbb	Version 2.0_rc1
Phpbb Group Phpbb	Version 2.0_rc2
Phpbb Group Phpbb	Version 2.0_rc3
Phpbb Group Phpbb	Version 2.0_rc4

References (24)

http://marc.info/?l=bugtraq&m=113081113317600&w=2

Source: cve@mitre.org

http://secunia.com/advisories/17366

Source: cve@mitre.org

http://secunia.com/advisories/18098

Source: cve@mitre.org

http://securityreason.com/securityalert/130

Source: cve@mitre.org

http://securitytracker.com/id?1015121

Source: cve@mitre.org

PatchVendor Advisory

http://www.debian.org/security/2005/dsa-925

Source: cve@mitre.org

http://www.hardened-php.net/advisory_172005.75.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.osvdb.org/20387

Source: cve@mitre.org

Patch

http://www.osvdb.org/20388

Source: cve@mitre.org

Patch

http://www.osvdb.org/20389

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/15243

Source: cve@mitre.org

Patch

http://www.vupen.com/english/advisories/2005/2250

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=113081113317600&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/17366

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/18098

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/130

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1015121

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.debian.org/security/2005/dsa-925

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.hardened-php.net/advisory_172005.75.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.osvdb.org/20387

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.osvdb.org/20388

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.osvdb.org/20389

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/bid/15243

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.vupen.com/english/advisories/2005/2250

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.