CVE-2006-0437

Publication date 6 February 2006

Last updated 24 July 2024

Ubuntu priority

Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
phpbb2	9.10 karmic	Not in release
	9.04 jaunty	Not in release
	8.10 intrepid	Fixed 2.0.21-3
	8.04 LTS hardy	Fixed 2.0.21-3
	7.10 gutsy	Fixed 2.0.21-3
	7.04 feisty	Fixed 2.0.21-3
	6.10 edgy	Fixed 2.0.21-3
	6.06 LTS dapper	Ignored end of life

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2006-0437