CVE-2006-0063 Information

Description

Cross-site scripting (XSS) vulnerability in phpBB 2.0.19 when \Allowed HTML tags\ is enabled allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ’ (single quote) characters and active attributes such as onmouseover a variant of CVE-2005-4357.

Reference

http://securityreason.com/achievement_securityalert/30 http://securityreason.com/securityalert/313 http://www.osvdb.org/22672 http://www.vupen.com/english/advisories/2006/0051