Vulnerabilities > Phpbb Group > Phpbb > Low

DATE CVE VULNERABILITY TITLE RISK
2005-12-20 CVE-2005-4357 Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.18
Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover.
network
high complexity
phpbb-group
2.6
2005-10-26 CVE-2005-3310 HTML Injection vulnerability in PHPbb Group PHPbb 2.0.17
Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks.
network
phpbb-group
3.5