Cross-Site Scripting Vulnerability in phpBB 2.0.x
CVE-2006-6421

Currently unrated

Key Information:

Vendor: PHPbb Group
Status: PHPbb
Vendor: CVE Published:; 10 December 2006

🔔 Create PHPbb Group Vulnerability Alert

What is CVE-2006-6421?

The cross-site scripting vulnerability in phpBB 2.0.x affects the private message box (privmsg.php), allowing malicious authenticated users to inject arbitrary web scripts or HTML. This vulnerability arises when users send messages to non-existent recipients, enabling the potential for exploitative actions, including the theft of session cookies or redirecting users to malicious sites.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/30776

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/456579/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2006
Vulnerability Reserved
Dec 9, 2006

CVE-2006-6421 Data

JSON