Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when Allowed HTML tags is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with (quote) characters and active attributes such as onmouseover.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Phpbb | Phpbb_group | 2.0.18 (including) | 2.0.18 (including) |