Maksymilian Arciemowicz has discovered a security issue in phpBB, which can be exploited by malicious people to conduct script insertion attacks.
<B C=">" onmouseover="
" X="<B "> H E L O </B>

Successful exploitation requires that "Allow HTML" is enabled (not default setting).

It is also possible to disclose the full path to "admin/admin_disallow.php" by accessing it directly with the "setmodules" parameter set to "1" (requires that "register_globals" is enabled).

The security issue has been confirmed in version 2.0.18. Other versions may also be affected.

Solution: Set "Allow HTML" to "No".

Provided and/or discovered by: Maksymilian Arciemowicz

Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
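Added example (not part of the advisory and not phpBB's code): a hypothetical tag filter that ends each tag at the first ">" accepts the sample markup above, while a quote-aware parse reports the onmouseover attribute on the B tag. The allowlist, the function names and the empty handler body are assumptions made for the illustration.

```python
import html
import re
from html.parser import HTMLParser

ALLOWED_TAGS = {"b", "i", "u"}  # assumed allowlist, not phpBB's actual list

# Constructed input: the advisory's sample markup, handler body left empty.
SAMPLE = '<B C=">" onmouseover="" X="<B "> H E L O </B>'

# Hypothetical filter regex: a tag runs to the first '>', quotes are ignored.
NAIVE_TAG = re.compile(r"<\s*/?\s*(\w+)([^>]*)>")
EVENT_ATTR = re.compile(r"\bon\w+\s*=", re.IGNORECASE)


def naive_filter_accepts(post):
    """Accept a post if every regex-matched tag is allowlisted and handler-free."""
    for name, attrs in NAIVE_TAG.findall(post):
        if name.lower() not in ALLOWED_TAGS or EVENT_ATTR.search(attrs):
            return False
    return True


class _AttrAudit(HTMLParser):
    """Quote-aware pass: records disallowed tags and on* attributes."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.findings.append((tag, None))
        self.findings += [(tag, n) for n, _ in attrs if n.startswith("on")]


def quote_aware_findings(post):
    """Return (tag, attribute) pairs a quote-aware parser sees in the post."""
    audit = _AttrAudit()
    audit.feed(post)
    audit.close()
    return audit.findings


def render_without_html(post):
    """Models "Allow HTML" = "No" as escaping all markup (assumption)."""
    return html.escape(post)
```

The naive pass splits the sample into `<B C=">`, plain text and `<B ">`, so it never sees the handler attribute; the quote-aware pass treats the quoted ">" as part of an attribute value.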