FKIE_CVE-2006-6421

Vulnerability from fkie_nvd - Published: 2006-12-10 11:28 - Updated: 2025-04-09 00:30
Summary
Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user.
References
cve@mitre.org: http://secunia.com/advisories/23283
cve@mitre.org: http://securityreason.com/securityalert/2005
cve@mitre.org: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624
cve@mitre.org: http://www.securityfocus.com/archive/1/453774/100/0/threaded
cve@mitre.org: http://www.securityfocus.com/archive/1/456579/100/0/threaded
cve@mitre.org: http://www.securityfocus.com/archive/1/456728/100/100/threaded
cve@mitre.org: http://www.securityfocus.com/archive/1/456784/100/100/threaded
cve@mitre.org: http://www.securityfocus.com/bid/21806
cve@mitre.org: http://www.securityfocus.com/bid/22001
cve@mitre.org: https://exchange.xforce.ibmcloud.com/vulnerabilities/30776
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/23283
af854a3a-2127-422b-91ae-364da2661108: http://securityreason.com/securityalert/2005
af854a3a-2127-422b-91ae-364da2661108: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/archive/1/453774/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/archive/1/456579/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/archive/1/456728/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/archive/1/456784/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/bid/21806
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/bid/22001
af854a3a-2127-422b-91ae-364da2661108: https://exchange.xforce.ibmcloud.com/vulnerabilities/30776

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE04D5FE-021A-4E97-9166-8F7484F4C5F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "12CBA1A2-B9D9-436A-9772-75062D1D0931",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "B73B0FF6-5E58-4124-B815-192DA7D3FD57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "28B74F3F-5DE8-4C22-9773-F04372B79CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "70E7ED09-FDD7-4FC2-AD0F-4B31E170F3F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "82FD53CF-3D32-4F2A-AC8B-8F8390355536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "90AAEB34-A2E5-43C9-9EA5-DF8A6C848ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "52CC6700-8863-4E86-9232-6CBFCF19FBC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the \"Message body\" field in a message to a non-existent user."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el buz\u00f3n de mensajes privados en phpBB 2.0.x permite a un usuario remoto validado inyectar secuencias de comandos web o HTML a trav\u00e9s del campo \"cuerpo de mensaje\" de un mensaje a un usuario no existente."
    }
  ],
  "id": "CVE-2006-6421",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-12-10T11:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23283"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2005"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/453774/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/456579/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/456728/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/456784/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/21806"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22001"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30776"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/453774/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/456579/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/456728/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/456784/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/21806"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30776"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

