VULHUB ™

It is reported that one of the scripts included with phpBB is prone to a cross-site scripting vulnerability. According to the author of the report, the script "search.php" returns the value of the HTML variable "search_author" to the client as its output without encoding it or otherwise removing potentially hostile content. It is reported that gpc magic quotes must be turned off in php.ini for this vulnerability to exist.

It is reported that one of the scripts included with phpBB is prone to a cross-site scripting vulnerability. According to the author of the report, the script "search.php" returns the value of the HTML variable "search_author" to the client as its output without encoding it or otherwise removing potentially hostile content. It is reported that gpc magic quotes must be turned off in php.ini for this vulnerability to exist.