CVE-2006-6421

Published: Dec 10, 2006Modified: Apr 23, 2026

6.0

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability: 6.8 / Impact: 6.4

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user.

Affected (32)

Products: Phpbb Group: Phpbb

Phpbb Group

1 product

Phpbb

Configuration A

32 vulnerable

Vulnerable Software	Affected Versions
Phpbb Group Phpbb	Version 2.0.0
Phpbb Group Phpbb	Version 2.0.10
Phpbb Group Phpbb	Version 2.0.11
Phpbb Group Phpbb	Version 2.0.12
Phpbb Group Phpbb	Version 2.0.13
Phpbb Group Phpbb	Version 2.0.14
Phpbb Group Phpbb	Version 2.0.15
Phpbb Group Phpbb	Version 2.0.16
Phpbb Group Phpbb	Version 2.0.17
Phpbb Group Phpbb	Version 2.0.18
Phpbb Group Phpbb	Version 2.0.19
Phpbb Group Phpbb	Version 2.0.1
Phpbb Group Phpbb	Version 2.0.20
Phpbb Group Phpbb	Version 2.0.21
Phpbb Group Phpbb	Version 2.0.2
Phpbb Group Phpbb	Version 2.0.3
Phpbb Group Phpbb	Version 2.0.4
Phpbb Group Phpbb	Version 2.0.5
Phpbb Group Phpbb	Version 2.0.6
Phpbb Group Phpbb	Version 2.0.6c
Phpbb Group Phpbb	Version 2.0.6d
Phpbb Group Phpbb	Version 2.0.7
Phpbb Group Phpbb	Version 2.0.7a
Phpbb Group Phpbb	Version 2.0.8
Phpbb Group Phpbb	Version 2.0.8a
Phpbb Group Phpbb	Version 2.0.9
Phpbb Group Phpbb	Version 2.0
Phpbb Group Phpbb	Version 2.0_beta1
Phpbb Group Phpbb	Version 2.0_rc1
Phpbb Group Phpbb	Version 2.0_rc2
Phpbb Group Phpbb	Version 2.0_rc3
Phpbb Group Phpbb	Version 2.0_rc4