CVE-2006-0437

Publication date 6 February 2006

Last updated 24 July 2024


Ubuntu priority

Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters.

Status

Package Ubuntu Release Status
phpbb2 9.10 karmic Not in release
9.04 jaunty Not in release
8.10 intrepid
Fixed 2.0.21-3
8.04 LTS hardy
Fixed 2.0.21-3
7.10 gutsy
Fixed 2.0.21-3
7.04 feisty
Fixed 2.0.21-3
6.10 edgy
Fixed 2.0.21-3
6.06 LTS dapper Ignored end of life