phpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'error_msg' variables upon submission to the 'usercp_register.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Upgrade to version 2.0.18 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1015121
• Secunia Advisory ID: 17366 18098
• CVE ID: 2005-3418 (see also: NVD)
• Related OSVDB ID: 20386 20388 20389 20390 20391
• VUPEN Advisory: ADV-2005-2250
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0637.html
• Vendor Specific Advisory URL: http://www.debian.org/security/2005/dsa-925
• Other Advisory URL: http://www.hardened-php.net/advisory_172005.75.html

• Stefan Esser - sesserhardened-php.net - www.hardened-php.net