Unrated severityNVD Advisory· Published Apr 13, 2006· Updated Jun 16, 2026

CVE-2006-1775

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603.

Affected products

PhpBB/phpBB2 versions
cpe:2.3:a:phpbb_group:phpbb:2.0.19:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:phpbb_group:phpbb:2.0.19:*:*:*:*:*:*:*
- (no CPE)range: =2.0.19

Patches

Vulnerability mechanics

References

osvdb.org/ref/24/24353-phpbb.txtnvd
www.osvdb.org/24354nvd
www.osvdb.org/24355nvd
www.osvdb.org/24356nvd
www.osvdb.org/24357nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000