|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability
neothermic
phpbb.com
Date: Thu Jan 03 2008 - 11:28:47 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This exploit is a non-issue. It assumes that you have access to the admin panel. At some point we have to trust that you are a real admin and not a malicious user.
HTML is allowed in some parts of the ACP due to the fact that BBCode is not parsed in these areas.
I would encourage anyone finding a possible vulnerability in phpBB to report it properly at our security tracker ( http://www.phpbb.com/security/ ), or e-mail it to security at phpbb.com
NeoThermic
phpBB Support Team, Audit Team and Incident Investigation Team Leader
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]