CVE-2006-6421
phpBB 2.0.21 - 'privmsg.php' HTML Injection
Severity Score
6.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user.
Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el buzón de mensajes privados en phpBB 2.0.x permite a un usuario remoto validado inyectar secuencias de comandos web o HTML a través del campo "cuerpo de mensaje" de un mensaje a un usuario no existente.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2006-12-09 CVE Reserved
- 2006-12-10 CVE Published
- 2007-01-11 First Exploit
- 2023-12-29 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/23283 | Third Party Advisory | |
| http://securityreason.com/securityalert/2005 | Third Party Advisory | |
| http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624 | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/453774/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/456579/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/456728/100/100/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/456784/100/100/threaded | Mailing List | |
| http://www.securityfocus.com/bid/21806 | Vdb Entry | |
| http://www.securityfocus.com/bid/22001 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30776 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/29442 | 2007-01-11 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.0 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.0" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.1 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.1" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.2 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.2" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.3 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.3" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.4 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.4" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.5 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.5" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.6 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.6" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.6c Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.6c" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.6d Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.6d" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.7 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.7" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.7a Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.7a" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.8 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.8" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.8a Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.8a" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.9 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.9" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.10 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.10" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.11 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.11" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.12 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.12" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.13 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.13" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.14 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.14" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.15 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.15" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.16 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.16" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.17 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.17" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.18 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.18" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.19 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.19" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.20 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.20" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0.21 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.21" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0_beta1 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0_beta1" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0_rc1 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0_rc1" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0_rc2 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0_rc2" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0_rc3 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0_rc3" | - |
Affected
| ||||||
| Phpbb Group Search vendor "Phpbb Group" | Phpbb Search vendor "Phpbb Group" for product "Phpbb" | 2.0_rc4 Search vendor "Phpbb Group" for product "Phpbb" and version "2.0_rc4" | - |
Affected
| ||||||