VULHUB ™

phpBB is affected by a cross-site scripting vulnerability in the 'login.php' script. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This can be exploited by constructing links that pass malicious strings through the affected URI parameter. If an unsuspecting user visits such a link, the malicious, externally created content supplied in the link will be rendered (or executed, in the case of script code) as part of the 'login.php' document and within the context of the vulnerable website (including the phpBB forum). Attackers may exploit this vulnerability to obtain the authentication credentials of other forum users. If the domain hosts other applications, their credentials and/or other sensitive information (session IDs, etc) may be exposed.

phpBB is affected by a cross-site scripting vulnerability in the 'login.php' script. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This can be exploited by constructing links that pass malicious strings through the affected URI parameter. If an unsuspecting user visits such a link, the malicious, externally created content supplied in the link will be rendered (or executed, in the case of script code) as part of the 'login.php' document and within the context of the vulnerable website (including the phpBB forum). Attackers may exploit this vulnerability to obtain the authentication credentials of other forum users. If the domain hosts other applications, their credentials and/or other sensitive information (session IDs, etc) may be exposed.