[24877] in bugtraq
Re:[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting
daemon@ATHENA.MIT.EDU (altomo)
Fri Mar 29 15:51:28 2002
Date: Thu, 28 Mar 2002 21:51:44 -0600 (CST)
From: altomo <altomo@digitalgangsters.net>
To: <bugtraq@securityfocus.com>
Message-ID: <Pine.LNX.4.33.0203282150180.1777-100000@hackfoo>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Zeroforum is vuln to this as well. Notified a few weeks ago and heard
nothing back.
>>After a similar bug was discovered in phpBB 1.4.2, the authors fixed the
>>bug
>>with which JavaScript could inserted by using an [IMG] tag like:
>>
>>[img]javascript:alert('bla')[/img]
