Vulnerabilities > CVE-2006-6421 - Input Validation vulnerability in PHPBB
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user.
Vulnerable Configurations
Exploit-Db
| description | phpBB 2.0.21 Privmsg.PHP HTML Injection Vulnerability. CVE-2006-6421. Webapps exploit for php platform |
| id | EDB-ID:29442 |
| last seen | 2016-02-03 |
| modified | 2007-01-11 |
| published | 2007-01-11 |
| reporter | Demential |
| source | https://www.exploit-db.com/download/29442/ |
| title | phpBB 2.0.21 - Privmsg.PHP HTML Injection Vulnerability |
Nessus
| NASL family | CGI abuses |
| NASL id | PHPBB_2022.NASL |
| description | The version of phpBB installed on the remote host fails to properly block |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 23968 |
| published | 2007-01-03 |
| reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/23968 |
| title | phpBB < 2.0.22 Multiple Vulnerabilities |
References
- http://secunia.com/advisories/23283
- http://securityreason.com/securityalert/2005
- http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624
- http://www.securityfocus.com/archive/1/453774/100/0/threaded
- http://www.securityfocus.com/archive/1/456579/100/0/threaded
- http://www.securityfocus.com/archive/1/456728/100/100/threaded
- http://www.securityfocus.com/archive/1/456784/100/100/threaded
- http://www.securityfocus.com/bid/21806
- http://www.securityfocus.com/bid/22001
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30776