Nessus Plugin #13840
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
phpBB < 2.0.10
- Family:
- CGI abuses : XSS
- Category:
- infos
- Copyright:
- This script is Copyright (C) 2004 David Maciejak
- Summary:
- Check for phpBB version
- Version:
- $Revision: 1.9 $
- Cve_id:
- -
- Bugtraq_id:
- 10738, 10753, 10754, 10883
- Xrefs:
- OSVDB:8164
- Description:
The remote host is running a version of phpBB older than 2.0.10.
phpBB contains a flaw that allows a remote cross site scripting attack.
This flaw exists because the application does not validate user-supplied
input in the 'search_author' parameter.
This version is also vulnerable to a HTTP response splitting vulnerability
which permits the injection of CRLF characters in the HTTP headers.
Solution : Upgrade to 2.0.10 or later
Risk factor : Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.