XSS in Phpbb

CVE-2015-1431

Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.006 (70.7th percentile) — read the EPSS interpretation.

Affected products

Phpbb
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
[oss-security] 20150131 Re: CVE request: phpbb3 CSRF and CSS injection (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_CONFIRM)
GLSA-201701-25 (vendor-advisory, x_refsource_GENTOO)
72405 (vdb-entry, x_refsource_BID)
phpbb3-cve20151431-xss(100670) (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_CONFIRM)