CVE-2006-6421 Information

Description

Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the \Message body\ field in a message to a non-existent user.

Reference

http://secunia.com/advisories/23283 http://securityreason.com/securityalert/2005 http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624 http://www.securityfocus.com/archive/1/453774/100/0/threaded http://www.securityfocus.com/archive/1/456579/100/0/threaded http://www.securityfocus.com/archive/1/456728/100/100/threaded http://www.securityfocus.com/archive/1/456784/100/100/threaded http://www.securityfocus.com/bid/21806 http://www.securityfocus.com/bid/22001 https://exchange.xforce.ibmcloud.com/vulnerabilities/30776