Re:[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability

From: altomo (altomoat_private)
Date: Thu Mar 28 2002 - 19:51:44 PST

Next message: secureat_private: "[CLA-2002:470] Conectiva Linux Security Announcement - imlib"

Previous message: Lucien Fransman: "Re: Oracle9i TSN DoS Attack"
Maybe in reply to: Florian Hobelsberger / BlueScreen: "[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Zeroforum is vuln to this as well. Notified a few weeks ago and heard 
nothing back.

>>After a similar bug was discovered in phpBB 1.4.2, the authors fixed the 
>>bug
>>with which JavaScript could inserted by using an [IMG] tag like:
>>
>>[img]javascript:alert('bla')[/img]

Next message: secureat_private: "[CLA-2002:470] Conectiva Linux Security Announcement - imlib"
Previous message: Lucien Fransman: "Re: Oracle9i TSN DoS Attack"
Maybe in reply to: Florian Hobelsberger / BlueScreen: "[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Mar 29 2002 - 12:45:47 PST