<<< Date Index >>>     <<< Thread Index >>>

Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability



This exploit is a non-issue. It assumes that you have access to the admin 
panel. At some point we have to trust that you are a real admin and not a 
malicious user.

HTML is allowed in some parts of the ACP due to the fact that BBCode is not 
parsed in these areas.

I would encourage anyone finding a possible vulnerability in phpBB to report it 
properly at our security tracker ( http://www.phpbb.com/security/ ), or e-mail 
it to security at phpbb.com

NeoThermic
phpBB Support Team, Audit Team and Incident Investigation Team Leader