CVE-2004-0339 | Vulnerability Database | Aqua Security

Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter.

Affected Software

Name	Vendor	Start Version	End Version
Phpbb	Phpbb_group	2.0 (including)	2.0 (including)
Phpbb	Phpbb_group	2.0.1 (including)	2.0.1 (including)
Phpbb	Phpbb_group	2.0.2 (including)	2.0.2 (including)
Phpbb	Phpbb_group	2.0.3 (including)	2.0.3 (including)
Phpbb	Phpbb_group	2.0.4 (including)	2.0.4 (including)
Phpbb	Phpbb_group	2.0.5 (including)	2.0.5 (including)
Phpbb	Phpbb_group	2.0.6 (including)	2.0.6 (including)
Phpbb	Phpbb_group	2.0.6c (including)	2.0.6c (including)
Phpbb	Phpbb_group	2.0_rc4 (including)	2.0_rc4 (including)

References

http://marc.info/?l=bugtraq\u0026m=107799508130700\u0026w=2
http://www.securityfocus.com/bid/9765
https://exchange.xforce.ibmcloud.com/vulnerabilities/15348
http://marc.info/?l=bugtraq\u0026m=107799508130700\u0026w=2
http://www.securityfocus.com/bid/9765
https://exchange.xforce.ibmcloud.com/vulnerabilities/15348

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-0339
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html