CVE-2005-0673 Information

Description

Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml (2) allowbbcode or (3) allowsmilies parameters to inject HTML into signatures for personal messages possibly when they are processed by privmsg.php or viewtopic.php.

Reference

http://neosecurityteam.tk/index.php?pagina=advisories&id=8 http://secunia.com/advisories/14475 http://securitytracker.com/id?1013362